We performed a comparison between Invicti and Synopsys API Security Testing based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"Invicti is a good product, and its API testing is also good."
"The solution generates reports automatically and quickly."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"Maybe the ability to make a good reporting format is needed."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The scannings are not sufficiently updated."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The support's response time could be faster since we are in different time zones."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The solution required us to use our team and we spoke to Synopsys API Security Testing's support to do the implementation. We use two people from our team for the implementation. and one person for maintenance."
Invicti is ranked 15th in Static Application Security Testing (SAST) with 25 reviews while Synopsys API Security Testing is ranked 29th in Static Application Security Testing (SAST). Invicti is rated 8.2, while Synopsys API Security Testing is rated 7.0. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of Synopsys API Security Testing writes "Useful threat vectors, beneficial results, but implementation needed support". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode, whereas Synopsys API Security Testing is most compared with Seeker, Fortify WebInspect, OWASP Zap and Acunetix.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.