We performed a comparison between Checkmarx One and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It shows in-depth code of where actual vulnerabilities are."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The report function is the solution's greatest asset."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"It is a stable product."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"One of the most valuable features is it is flexible."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"The scanner and the result generator are valuable features for us."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"They could work to improve the user interface. Right now, it really is lacking."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"We can run only one project at a time."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The integration could improve by including, for example, DevSecOps."
"Checkmarx is not good because it has too many false positive issues."
"The reports are good, but they still need to be improved considering what the UI offers."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"The support's response time could be faster since we are in different time zones."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The solution needs to make a more specific report."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Checkmarx One is rated 7.6, while Invicti is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and SonarQube. See our Checkmarx One vs. Invicti report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.