We performed a comparison between Invicti and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The scanner and the result generator are valuable features for us."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"High level of accuracy and quick scanning."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"The solution is scalable."
"The scalability of this product is very good."
"Automatic updates and pull request analysis."
"The ZAP scan and code crawler are valuable features."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"Right now, they are missing the static application security part, especially web application security."
"The support's response time could be faster since we are in different time zones."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The solution needs to make a more specific report."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The technical support team must be proactive."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"The port scanner is a little too slow."
"The reporting feature could be more descriptive."
"Too many false positives; test reports could be improved."
Invicti is ranked 15th in Application Security Testing (AST) with 25 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. Invicti is rated 8.2, while OWASP Zap is rated 7.6. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Invicti is most compared with Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Fortify WebInspect and HCL AppScan, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and HCL AppScan. See our Invicti vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.