We performed a comparison between Fortify on Demand and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"I do not remember any issues with stability."
"The quality of application security testing reduces risk and gives very few false positives."
"The licensing was good."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"We have the option to test applications with or without credentials."
"The installation was easy."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"Invicti is a good product, and its API testing is also good."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"One of the features I like about this program is the low number of false positives and the support it offers."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"The scanner is light on the network and does not impact the network when scans are running."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"Reporting could be improved."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"The products must provide better integration with build tools."
"Fortify on Demand could be improved with support in Russia."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"Takes up a lot of resources which can slow things down."
"There were some regulated compliances, which were not there."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The solution needs to make a more specific report."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The support's response time could be faster since we are in different time zones."
"The custom attack preparation screen might be improved."
"The scannings are not sufficiently updated."
"Maybe the ability to make a good reporting format is needed."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Fortify on Demand is rated 8.0, while Invicti is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode and Coverity, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and Rapid7 AppSpider. See our Fortify on Demand vs. Invicti report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.