Try our new research platform with insights from 80,000+ expert users

Invicti vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Invicti
Ranking in Static Application Security Testing (SAST)
15th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
29
Ranking in other categories
API Security (5th), Dynamic Application Security Testing (DAST) (3rd)
Qualys Web Application Scan...
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
38
Ranking in other categories
Application Security Tools (12th)
 

Mindshare comparison

As of April 2025, in the Static Application Security Testing (SAST) category, the mindshare of Invicti is 1.5%, up from 1.2% compared to the previous year. The mindshare of Qualys Web Application Scanning is 2.2%, down from 2.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Kunal M - PeerSpot reviewer
Proactive scanning measures and realistic audit recommendations enhance development focus
Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.
SubhajitAich - PeerSpot reviewer
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"Netsparker provides a more interactive interface that is more appealing."
"The scanner is light on the network and does not impact the network when scans are running."
"One of the features I like about this program is the low number of false positives and the support it offers."
"I like that it's stable and technical support is great."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"The platform is stable."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"The product prevents possible vulnerabilities in our network."
"Automated scanning has significantly improved our web application security management by reducing manual work."
"The vulnerability management feature is a strong one. And also the patch management feature."
"It is a good product for website penetration testing to detect vulnerabilities."
"​QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.​"
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"It scans web applications to identify vulnerabilities during deployment."
 

Cons

"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"Invicti takes too long with big applications, and there are issues with the login portal."
"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"We have many websites. We don't force scanning on all of them at once because it's taking some time."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"It should have better automatic reporting."
"I have dealt with Qualys's technical support, and any enhancements are challenging. I would rate them a five out of ten."
"Deployment can be complicated."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"The support could be faster."
 

Pricing and Cost Advice

"The price should be 20% lower"
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"We never had any issues with the licensing; the price was within our assigned limits."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"It is competitive in the security market."
"It is an expensive platform."
"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."
"From my perspective, it is a budget-friendly option."
"There are different options available with respect to licensing."
"We normally purchase an annual license."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
"Try the free trial of the product to understand the basic working mechanisms.​"
"The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
52%
Financial Services Firm
9%
Computer Software Company
7%
Manufacturing Company
4%
Computer Software Company
17%
Financial Services Firm
15%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerab...
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus ( /products/tenable-nessus-reviews ). After using the product for a year, I might have more s...
 

Also Known As

Netsparker
Qualys WAS
 

Overview

 

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Invicti vs. Qualys Web Application Scanning and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.