We performed a comparison between Checkmarx One and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The only thing I like is that Checkmarx does not need to compile."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"We use the solution to validate the source code and do SAST and security analysis."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"It is a stable product."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"The scanner and the result generator are valuable features for us."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"One of the features I like about this program is the low number of false positives and the support it offers."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"The pricing can get a bit expensive, depending on the company's size."
"We have received some feedback from our customers who are receiving a large number of false positives."
"Checkmarx could improve by reducing the price."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"Implementing a blackout time for any user or teams: Needs improvement."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Invicti takes too long with big applications, and there are issues with the login portal."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Right now, they are missing the static application security part, especially web application security."
"The scanner itself should be improved because it is a little bit slow."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The solution needs to make a more specific report."
"The scannings are not sufficiently updated."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Checkmarx One is rated 7.6, while Invicti is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Synopsys Defensics. See our Checkmarx One vs. Invicti report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
