We performed a comparison between Invicti and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The scanner and the result generator are valuable features for us."
"The solution generates reports automatically and quickly."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"Its ability to crawl a web application is quite different than another similar scanner."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"I like that it's stable and technical support is great."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"This product is designed for easy scalability and can easily scale up without major challenges."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"It is a good product for website penetration testing to detect vulnerabilities."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"It works with many different products."
"The product prevents possible vulnerabilities in our network."
"The support's response time could be faster since we are in different time zones."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"Right now, they are missing the static application security part, especially web application security."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Netsparker doesn't provide the source code of the static application security testing."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"There should be better visibility into the application."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The support could be faster."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The reporting contains too many false positives."
"The pricing does not seem to be competitive."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
More Qualys Web Application Scanning Pricing and Cost Advice →
Invicti is ranked 20th in Application Security Tools with 25 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Invicti is rated 8.2, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Fortify WebInspect and Rapid7 AppSpider, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and ImmuniWeb. See our Invicti vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.