Today I’m starting a mini-series about my experience with the following popular Webapp pentesting tools:

• Acunetix
• Appspider
• Netsparker
• Qualys

Now to be clear, the goal of this bake-off is to find a tool for the more run-of-the-mill, "customer just wants to check a box" Webapps scan. So I’m not covering tools like Burp which I consider a primary tool for a deeper, manual Webapp test. My other "nice-to-haves" in a tool like this include:

• Simple, clean interface
• Shallow learning curve so team members can get up and running with the tool quickly
• Wide variety of exporting/reporting options
• Can run both in a cloud-hosted or local-install configuration

Turns out even talking through 4 tools takes a while, so today’s episode focuses on Acunetix.