We performed a comparison between Invicti and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"The solution generates reports automatically and quickly."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"The scanner and the result generator are valuable features for us."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The stability of the solution is very good."
"It has improved my organization with faster security tests."
"The product discovers more vulnerabilities compared to other tools."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The solution has tightened our security."
"We use the solution for security testing."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The solution needs to make a more specific report."
"Netsparker doesn't provide the source code of the static application security testing."
"Right now, they are missing the static application security part, especially web application security."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The custom attack preparation screen might be improved."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"The support's response time could be faster since we are in different time zones."
"The product should allow users to customize the report based on their needs."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"There's very little documentation that comes with OWASP Zap."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The documentation is lacking and out-of-date, it really needs more love."
"The solution is unable to customize reports."
Invicti is ranked 15th in Static Application Security Testing (SAST) with 25 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Invicti is rated 8.2, while OWASP Zap is rated 7.6. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Invicti is most compared with Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Fortify WebInspect and Rapid7 AppSpider, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and HCL AppScan. See our Invicti vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
