Try our new research platform with insights from 80,000+ expert users

Fortify Application Defender vs Invicti comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024
 

Categories and Ranking

Fortify Application Defender
Average Rating
7.8
Number of Reviews
11
Ranking in other categories
Application Security Tools (33rd)
Invicti
Average Rating
8.2
Number of Reviews
27
Ranking in other categories
Static Application Security Testing (SAST) (14th), API Security (5th), Dynamic Application Security Testing (DAST) (3rd)
 

Mindshare comparison

Fortify Application Defender and Invicti aren’t in the same category and serve different purposes. Fortify Application Defender is designed for Application Security Tools and holds a mindshare of 0.7%, down 1.0% compared to last year.
Invicti, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 16.2% mindshare, up 14.7% since last year.
Application Security Tools
Dynamic Application Security Testing (DAST)
 

Featured Reviews

HisaoOgata - PeerSpot reviewer
May 24, 2023
Saves time and warns about the vulnerabilities in the software, but the false positive rate should be lower
We use the solution to prevent cyberattacks Based on the alerts created by the solution during development, we modify the software we are developing. The product finds mistakes automatically. It warns us about the vulnerabilities in the software. The product saves us cost and time. The product…
Akshay Waghmare - PeerSpot reviewer
Nov 9, 2023
A stable and user-friendly solution that can be used for dynamic application security testing
We use Invicti for dynamic application security testing and to integrate files into the pipeline The most valuable feature of Invicti is getting baseline scanning and incremental scan. The solution's false positive analysis and vulnerability analysis libraries could be improved. I have been…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The product saves us cost and time."
"Its ability to find security defects is valuable."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"Its ability to crawl a web application is quite different than another similar scanner."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"The solution generates reports automatically and quickly."
"High level of accuracy and quick scanning."
"Invicti is a good product, and its API testing is also good."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"I like that it's stable and technical support is great."
 

Cons

"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The false positive rate should be lower."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"Support for older compilers/IDEs is lacking."
"The solution is quite expensive."
"The workbench is a little bit complex when you first start using it."
"I encountered many false positives for Python applications."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Maybe the ability to make a good reporting format is needed."
"The custom attack preparation screen might be improved."
"Invicti takes too long with big applications, and there are issues with the login portal."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
 

Pricing and Cost Advice

"The price of this solution could be less expensive."
"The product’s price is much higher than other tools."
"Fortify Application Defender is very expensive."
"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."
"The base licensing costs for the SaaS platform is about $900 USD per application, per year."
"The price should be 20% lower"
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"It is competitive in the security market."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We never had any issues with the licensing; the price was within our assigned limits."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
814,572 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
22%
Manufacturing Company
14%
Computer Software Company
14%
Government
9%
Educational Organization
55%
Financial Services Firm
8%
Computer Software Company
6%
Manufacturing Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortify Application Defender?
I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy.
What needs improvement with Fortify Application Defender?
The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and...
What is your primary use case for Fortify Application Defender?
We use the solution for fast code review. It is integrated into our DevOps pipeline.
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The inventory prices are very competitive. The competitors are more expensive, but the estimated cost of Invicti is more competitive than that of other tools. They had very good pricing. We have di...
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
Invicti has provided a roadmap outlining the improvements they're focusing on. Given the competition, with tools like Qualys and many others in the market, the interface needs to be enhanced, integ...
 

Also Known As

HPE Fortify Application Defender, Micro Focus Fortify Application Defender
Netsparker
 

Learn More

 

Overview

 

Sample Customers

ServiceMaster, Saltworks, SAP
Samsung, The Walt Disney Company, T-Systems, ING Bank
Find out what your peers are saying about Fortify Application Defender vs. Invicti and other solutions. Updated: October 2024.
814,572 professionals have used our research since 2012.