We performed a comparison between Checkmarx One and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The administration in Checkmarx is very good."
"The user interface is excellent. It's very user friendly."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The only thing I like is that Checkmarx does not need to compile."
"The value you can get out of the speedy production may be worth the price tag."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The most valuable feature for me is the Jenkins Plugin."
"The scanner and the result generator are valuable features for us."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"One of the features I like about this program is the low number of false positives and the support it offers."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"High level of accuracy and quick scanning."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"The reports are good, but they still need to be improved considering what the UI offers."
"Implementing a blackout time for any user or teams: Needs improvement."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"I would like to see the rate of false positives reduced."
"It is an expensive solution."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The scannings are not sufficiently updated."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"Netsparker doesn't provide the source code of the static application security testing."
"Right now, they are missing the static application security part, especially web application security."
"Maybe the ability to make a good reporting format is needed."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Checkmarx One is rated 7.6, while Invicti is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and SonarQube. See our Checkmarx One vs. Invicti report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
