We performed a comparison between Checkmarx One and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The administration in Checkmarx is very good."
"The most valuable feature is the application tracking reporting."
"Both automatic and manual code review (CxQL) are valuable."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"One of the features I like about this program is the low number of false positives and the support it offers."
"Its ability to crawl a web application is quite different than another similar scanner."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"High level of accuracy and quick scanning."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"Checkmarx needs to be more scalable for large enterprise companies."
"We can run only one project at a time."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Metadata is always needed."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The custom attack preparation screen might be improved."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"Netsparker doesn't provide the source code of the static application security testing."
"The scanner itself should be improved because it is a little bit slow."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Checkmarx One is rated 7.6, while Invicti is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Synopsys Defensics. See our Checkmarx One vs. Invicti report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.