As part of this year's Hack Miami conference, a large number of independent security researchers conducted a "Pen-Test Tools Shootout", evaluating several leading web security scanners and comparing their performance against a range of targets and benchmarks. The results are now in:
|Acunetix||$1,400 - $13,000||5||4||4.5||4|
The authors' overall conclusion is: "Burp Suite and Nexpose/Metasploit Pro currently provide the most value to the independent security consultant in terms of discovered vulnerabilities, ease of use, licensing flexibility, and range of functionality".
Since Nexpose costs 66 times the price of Burp Suite, getting the joint top rating is a pretty good result for Burp. The only area where we were significantly marked down was in only being able to generate reports in HTML format, not as PDF. Now, I've always used an external "save as PDF" conversion when this is needed, but maybe this is something we need to look at to get even better.