Try our new research platform with insights from 80,000+ expert users

Invicti vs OpenText Dynamic Application Security Testing comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 21, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Invicti
Ranking in Dynamic Application Security Testing (DAST)
5th
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
30
Ranking in other categories
Static Application Security Testing (SAST) (15th), API Security (10th)
OpenText Dynamic Applicatio...
Ranking in Dynamic Application Security Testing (DAST)
3rd
Average Rating
7.2
Reviews Sentiment
6.1
Number of Reviews
22
Ranking in other categories
DevSecOps (9th)
 

Mindshare comparison

As of October 2025, in the Dynamic Application Security Testing (DAST) category, the mindshare of Invicti is 11.7%, up from 10.5% compared to the previous year. The mindshare of OpenText Dynamic Application Security Testing is 17.7%, down from 21.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Dynamic Application Security Testing (DAST) Market Share Distribution
ProductMarket Share (%)
OpenText Dynamic Application Security Testing17.7%
Invicti11.7%
Other70.6%
Dynamic Application Security Testing (DAST)
 

Featured Reviews

Kunal M - PeerSpot reviewer
Proactive scanning measures and realistic audit recommendations enhance development focus
Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.
Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"High level of accuracy and quick scanning."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"I would rate the stability as ten out of ten."
"Netsparker provides a more interactive interface that is more appealing."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"I'm sorry, but there is no review content provided to extract a quote from."
"The most valuable feature of this solution is the ability to make our customers more secure."
"It is scalable and very easy to use."
"It is easy to use, and its reporting is fairly simple."
"Guided Scan option allows us to easily scan and share reports."
 

Cons

"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Netsparker doesn't provide the source code of the static application security testing."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The solution needs to make a more specific report."
"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"A localized version, for example, in Korean would be a big improvement to this solution."
"I would like WebInspect's scanning capability to be quicker."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The scanner could be better."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"Lately, we've seen more false negatives."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
 

Pricing and Cost Advice

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"The price should be 20% lower"
"OWASP Zap is free and it has live updates, so that's a big plus."
"It is competitive in the security market."
"Fortify WebInspect is a very expensive product."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"The pricing is not clear and while it is not high, it is difficult to understand."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"It’s a fair price for the solution."
"This solution is very expensive."
"The price is okay."
report
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
869,771 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
Financial Services Firm
16%
Government
14%
Manufacturing Company
12%
Computer Software Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business13
Midsize Enterprise4
Large Enterprise13
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise15
 

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
The main concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, ...
What is your experience regarding pricing and costs for Fortify WebInspect?
While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs between $15,000 to $19,000. In comparison, Burp Suite costs approximately $500 to ...
What needs improvement with Fortify WebInspect?
WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applications, where it requires approximately 20-24 hours to crawl and audit but produ...
What is your primary use case for Fortify WebInspect?
I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect fo...
 

Also Known As

Netsparker
Micro Focus WebInspect, WebInspect
 

Overview

 

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank
Aaron's
Find out what your peers are saying about Invicti vs. OpenText Dynamic Application Security Testing and other solutions. Updated: September 2025.
869,771 professionals have used our research since 2012.