Today I'm starting a mini-series about my experience with the following popular Webapp pentesting tools:

Now to be clear, the goal of this bake-off is to find a tool for the more run-of-the-mill, "customer just wants to check a box" Webapp scan. So I'm not covering tools like Burp, which I consider a primary tool for a deeper, manual Webapp test. My other "nice-to-haves" in a tool like this include:

  • Simple, clean interface
  • Shallow learning curve so team members can get up and running with the tool quickly
  • Wide variety of exporting/reporting options
  • Can run in either a cloud-hosted or local-install configuration

Turns out even talking through 4 tools takes a while, so today's episode focuses on Acunetix.