We performed a comparison between Fortify on Demand and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Being able to reduce risk overall is a very valuable feature for us."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"The solution is very fast."
"It improves future security scans."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"High level of accuracy and quick scanning."
"The scanner and the result generator are valuable features for us."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"I like that it's stable and technical support is great."
"One of the features I like about this program is the low number of false positives and the support it offers."
"I am impressed with Invicti's proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"Invicti is a good product, and its API testing is also good."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"We have some stability issues, but they are minimal."
"I would like the solution to add AI support."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"They have very good support, but there is always room for improvement."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The support's response time could be faster since we are in different time zones."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"Maybe the ability to make a good reporting format is needed."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"The scannings are not sufficiently updated."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The solution needs to make a more specific report."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews, while Invicti is ranked 20th in Application Security Tools with 25 reviews. Fortify on Demand is rated 8.0, while Invicti is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode and Coverity, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and Rapid7 AppSpider.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.