Try our new research platform with insights from 80,000+ expert users

Invicti vs OpenText Dynamic Application Security Testing comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 21, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Invicti
Ranking in Dynamic Application Security Testing (DAST)
5th
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
30
Ranking in other categories
Static Application Security Testing (SAST) (15th), API Security (10th)
OpenText Dynamic Applicatio...
Ranking in Dynamic Application Security Testing (DAST)
3rd
Average Rating
7.2
Reviews Sentiment
6.1
Number of Reviews
22
Ranking in other categories
DevSecOps (8th)
 

Mindshare comparison

As of October 2025, in the Dynamic Application Security Testing (DAST) category, the mindshare of Invicti is 11.7%, up from 10.5% compared to the previous year. The mindshare of OpenText Dynamic Application Security Testing is 17.7%, down from 21.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Dynamic Application Security Testing (DAST) Market Share Distribution
ProductMarket Share (%)
OpenText Dynamic Application Security Testing17.7%
Invicti11.7%
Other70.6%
Dynamic Application Security Testing (DAST)
 

Featured Reviews

Kunal M - PeerSpot reviewer
Proactive scanning measures and realistic audit recommendations enhance development focus
Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.
Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"The scanner is light on the network and does not impact the network when scans are running."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"The transaction recorder within WebInspect is easy to use, which is valuable for our team."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"It's a well-known platform for doing dynamic application scanning."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"It is easy to use, and its reporting is fairly simple."
"The solution is easy to use."
"Technical support has been good."
"The most valuable feature of this solution is the ability to make our customers more secure."
 

Cons

"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Currently, there is nothing I would like to improve."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"The scanner itself should be improved because it is a little bit slow."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The custom attack preparation screen might be improved."
"The solution needs to make a more specific report."
"The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"I would like WebInspect's scanning capability to be quicker."
"Lately, we've seen more false negatives."
"There are some file extensions, like .SER, that Fortify WebInspect doesn't scan."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"We have had a problem with authentification."
 

Pricing and Cost Advice

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"OWASP Zap is free and it has live updates, so that's a big plus."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"The price should be 20% lower"
"We never had any issues with the licensing; the price was within our assigned limits."
"It is competitive in the security market."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"The price is okay."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"This solution is very expensive."
"It’s a fair price for the solution."
"Fortify WebInspect is a very expensive product."
"The pricing is not clear and while it is not high, it is difficult to understand."
report
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
869,513 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
Financial Services Firm
15%
Government
15%
Manufacturing Company
12%
Computer Software Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business13
Midsize Enterprise4
Large Enterprise13
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise15
 

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
The main concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, ...
What is your experience regarding pricing and costs for Fortify WebInspect?
While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs between $15,000 to $19,000. In comparison, Burp Suite costs approximately $500 to ...
What needs improvement with Fortify WebInspect?
WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applications, where it requires approximately 20-24 hours to crawl and audit but produ...
What is your primary use case for Fortify WebInspect?
I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect fo...
 

Also Known As

Netsparker
Micro Focus WebInspect, WebInspect
 

Overview

 

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank
Aaron's
Find out what your peers are saying about Invicti vs. OpenText Dynamic Application Security Testing and other solutions. Updated: September 2025.
869,513 professionals have used our research since 2012.