We performed a comparison between Checkmarx One and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"We use the solution for dynamic application testing."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The solution communicates where to fix the issue for the purpose of fewer iterations."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The scanner and the result generator are valuable features for us."
"Its ability to crawl a web application is quite different than another similar scanner."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"Crawling feature: Netsparker has very detailed crawling steps and mechanisms. This feature expands the attack surface."
"I like that it's stable and technical support is great."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"The integration could improve by including, for example, DevSecOps."
"The solution sometimes reports a false auditable code or false positive."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"They could work to improve the user interface. Right now, it really is lacking."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"The reports are good, but they still need to be improved considering what the UI offers."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The scanner itself should be improved because it is a little bit slow."
"Netsparker doesn't provide the source code of the static application security testing."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Checkmarx One is rated 7.6, while Invicti is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Invicti is most compared with OWASP ZAP, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and SonarQube.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.