HCL AppScan vs Invicti comparison

 

Comparison Buyer's Guide

Executive Summary

Updated on Oct 8, 2024


Categories and Ranking

HCL AppScan
Ranking in Static Application Security Testing (SAST): 12th
Ranking in Dynamic Application Security Testing (DAST): 1st
Average Rating: 7.8
Reviews Sentiment: 6.9
Number of Reviews: 43
Ranking in other categories: Application Security Tools (15th)

Invicti
Ranking in Static Application Security Testing (SAST): 14th
Ranking in Dynamic Application Security Testing (DAST): 3rd
Average Rating: 8.2
Reviews Sentiment: 7.1
Number of Reviews: 28
Ranking in other categories: API Security (5th)
 

Mindshare comparison

As of January 2025, in the Dynamic Application Security Testing (DAST) category, the mindshare of HCL AppScan is 22.3%, down from 28.3% compared to the previous year. The mindshare of Invicti is 17.1%, up from 13.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Featured Reviews

AnshulTomar - PeerSpot reviewer
Scalable platform with efficient static and dynamic testing features
We use the product for Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). By integrating AppScan into our CI/CD pipelines, aligned with Agile methodologies, we ensure that security testing becomes an integral part of the software development lifecycle. The…
Amr Abdelnaser - PeerSpot reviewer
A safe solution used to detect vulnerabilities for dynamic and complex testing
The Invicti is the scope application tool. The solution is installed on-premise but could be installed as a web version. Starting from the latest version, the web version could be used. They have a web application server. The deployment of the solution involves installing the EXE and configuring your machine.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is easy to use."
"The most valuable feature of the solution is the scanning or security part."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"The solution is cheap."
"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"AppScan is stable."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"Invicti is a good product, and its API testing is also good."
"High level of accuracy and quick scanning."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
 

Cons

"There are so many lines of code with so many different categories that I am likely to get lost."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"IBM Security AppScan Source is rather hard to use."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"Many silly false positives are produced."
"AppScan needs to improve its handling of false positives."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"Scans become slow on large websites."
"The scanner itself should be improved because it is a little bit slow."
"The solution needs to make a more specific report."
"Netsparker doesn't provide the source code of the static application security testing."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The support's response time could be faster since we are in different time zones."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"Currently, there is nothing I would like to improve."
 

Pricing and Cost Advice

"The tool was expensive."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"HCL AppScan is expensive."
"The price is very expensive."
"The solution is cheap."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"Our clients are willing to pay the extra money. It is expensive."
"The product has premium pricing and could be more competitive."
"We never had any issues with the licensing; the price was within our assigned limits."
"The price should be 20% lower."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"It is competitive in the security market."
"I think that price is too high, like other Security applications such as Acunetix, WebInspect, and so on."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"OWASP Zap is free and it has live updates, so that's a big plus."
830,455 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 19%
Financial Services Firm: 15%
Manufacturing Company: 10%
Government: 10%

Educational Organization: 56%
Financial Services Firm: 8%
Computer Software Company: 6%
Manufacturing Company: 5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
Currently, there is nothing I would like to improve.
 

Also Known As

HCL AppScan: IBM Security AppScan, Rational AppScan, AppScan
Invicti: Netsparker
 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Samsung, The Walt Disney Company, T-Systems, ING Bank
Find out what your peers are saying about HCL AppScan vs. Invicti and other solutions. Updated: January 2025.