We performed a comparison between Invicti and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like that it's stable and technical support is great."
"The scanner and the result generator are valuable features for us."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"One of the features I like about this program is the low number of false positives and the support it offers."
"Its ability to crawl a web application is quite different than another similar scanner."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"It helps in API testing, where manual intervention was previously necessary for each payload."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"Enables automation of different tasks such as authorization testing."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The most valuable features are Burp Intruder and Burp Scanner."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"The solution helped us discover vulnerabilities in our applications."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The support's response time could be faster since we are in different time zones."
"The solution needs to make a more specific report."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"Netsparker doesn't provide the source code of the static application security testing."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"The scannings are not sufficiently updated."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"The solution lacks sufficient stability."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."
"If we're running a huge number of scans regularly, it slows down the tool."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Invicti is ranked 20th in Application Security Tools with 25 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Invicti is rated 8.2, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Invicti is most compared with OWASP Zap, Acunetix, Tenable.io Web Application Scanning, Fortify WebInspect and Qualys Web Application Scanning, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Veracode. See our Invicti vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.