HCL AppScan vs Invicti comparison

 

Comparison Buyer's Guide

Categories and Ranking

HCL AppScan
Ranking in Application Security Tools: 14th
Ranking in Static Application Security Testing (SAST): 11th
Average Rating: 7.8
Number of Reviews: 41
Ranking in other categories: Dynamic Application Security Testing (DAST) (1st)

Invicti
Ranking in Application Security Tools: 20th
Ranking in Static Application Security Testing (SAST): 15th
Average Rating: 8.2
Number of Reviews: 26
Ranking in other categories: None
 

Market share comparison

As of June 2024, in the Application Security Tools category, the market share of HCL AppScan is 3.1% and it increased by 13.7% compared to the previous year. The market share of Invicti is 1.2% and it decreased by 6.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
Unique Categories:
Static Application Security Testing (SAST): 2.6%
Dynamic Application Security Testing (DAST): 30.0%
 

Featured Reviews

AnanyaRoy - PeerSpot reviewer
Sep 25, 2023
A stable and scalable product useful for application security scanning
I use HCL AppScan in my company for application security scanning. The most valuable feature of the solution stems from the fact that it is good to run the scan faster. You can basically run the scan and take a break at work since the tool will compute the results, which makes the product quite…
VS
Aug 4, 2023
A stable solution that can be used for web application security and API testing
We use Invicti for web application security, web application ping test, API testing, and endpoint testing like SoapUI testing. Invicti is a good product, and its API testing is also good. The product is really good and gets into false positive checks and proof of concept checks. The scanning…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The solution offers services in a few specific development languages."
"Compared to other tools only AppScan supports special language."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"There's extensive functionality with custom rules and a custom knowledge base."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"It was easy to set up."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"I like that it's stable and technical support is great."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"One of the features I like about this program is the low number of false positives and the support it offers."
"The platform is stable."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
 

Cons

"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"There is not a central management for static and dynamic."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"They have to improve support."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"They could add a software component analysis tool."
"Many silly false positives are produced."
"The support's response time could be faster since we are in different time zones."
"They could enhance the support for data swap testing for the platform."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The solution needs to make a more specific report."
"Maybe the ability to make a good reporting format is needed."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Right now, they are missing the static application security part, especially web application security."
 

Pricing and Cost Advice

"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"The solution is cheap."
"HCL AppScan is expensive."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"I rate the product's price a seven on a scale of one to ten, where one is low, and ten is high. HCL AppScan is an expensive tool."
"Our clients are willing to pay the extra money. It is expensive."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"I think that the price is too high, like other security applications such as Acunetix, WebInspect, and so on."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"The price should be 20% lower."
"It is competitive in the security market."
"OWASP Zap is free and it has live updates, so that's a big plus."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 18%
Financial Services Firm: 15%
Government: 10%
Manufacturing Company: 9%

Educational Organization: 52%
Financial Services Firm: 8%
Computer Software Company: 6%
Manufacturing Company: 5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its fea...
What is your primary use case for HCL AppScan?
I mainly use AppScan to secure various types of applications. I use its DAFDAT solution for black box scanning, as well as SaaS and source code validation. AppScan helps in scanning code for vulner...
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate ...
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
The solution's false positive analysis and vulnerability analysis libraries could be improved.
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
Mavituna Netsparker
 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Samsung, The Walt Disney Company, T-Systems, ING Bank
Find out what your peers are saying about HCL AppScan vs. Invicti and other solutions. Updated: May 2024.