We performed a comparison between Invicti and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like that it's stable and technical support is great."
"The scanner is light on the network and does not impact the network when scans are running."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"Its ability to crawl a web application is quite different than another similar scanner."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The application scanning feature is the most valuable feature."
"The solution is good at reporting the vulnerabilities of the application."
"We use the solution for security testing."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"Simple and easy to learn and master."
"The solution has tightened our security."
"The support's response time could be faster since we are in different time zones."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Right now, they are missing the static application security part, especially web application security."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"The custom attack preparation screen might be improved."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"I prefer Burp Suite to SWASP Zap because of the extensive coverage it offers."
"It would be nice to have a solid SQL injection engine built into Zap."
"The port scanner is a little too slow."
"Reporting format has no output, is cluttered and very long."
"It doesn't run on absolutely every operating system."
"There's very little documentation that comes with OWASP Zap."
Invicti is ranked 15th in Application Security Testing (AST) with 25 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. Invicti is rated 8.2, while OWASP Zap is rated 7.6. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Invicti is most compared with Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Fortify WebInspect and HCL AppScan, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and HCL AppScan. See our Invicti vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
