We performed a comparison between Invicti and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The scanner and the result generator are valuable features for us."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"One of the features I like about this program is the low number of false positives and the support it offers."
"The scanner is light on the network and does not impact the network when scans are running."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"Invicti is a good product, and its API testing is also good."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The stability of the solution is very good."
"Automatic scanning is a valuable feature and very easy to use."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"It can be used effectively for internal auditing."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"Simple and easy to learn and master."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"Maybe the ability to make a good reporting format is needed."
"The solution needs to make a more specific report."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Netsparker doesn't provide the source code of the static application security testing."
"The scannings are not sufficiently updated."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"The solution is unable to customize reports."
"The documentation is lacking and out-of-date, it really needs more love."
"The product should allow users to customize the report based on their needs."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"It needs more robust reporting tools."
"It would be nice to have a solid SQL injection engine built into Zap."
Invicti is ranked 15th in Application Security Testing (AST) with 25 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Invicti is rated 8.2, while OWASP Zap is rated 7.6. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Invicti is most compared with Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning, Fortify WebInspect and Qualys Web Application Scanning, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Fortify on Demand. See our Invicti vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.