Invicti vs OpenText Dynamic Application Security Testing vs Veracode comparison

The compared Invicti and OpenText solutions aren't in the same category. Invicti is ranked #5 in DAST , with an average rating of 8.7, and holds a 12.0% mindshare in the category. OpenText is ranked #2 in DAST , with an average rating of 8.0, and holds a 17.9% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 83% of OpenText users who would recommend it.

Invicti

Read 30 Invicti reviews

2,834 Views
510 Comparison Views

96% willing to recommend

OpenText Dynamic Applicatio...

Read 22 OpenText Dynamic Application Security Testing reviews

3,330 Views
866 Comparison Views

83% willing to recommend

Veracode

Read 204 Veracode reviews

19,783 Views
12,859 Comparison Views

90% willing to recommend

Invicti

OpenText Dynamic Applicatio...

Veracode

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Invicti, OpenText Dynamic Application Security Testing, and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about HCLSoftware , OpenText, Rapid7 and others in Dynamic Application Security Testing (DAST).

To learn more, read our detailed Dynamic Application Security Testing (DAST) Report (Updated: August 2025).

Buyer's Guide

Dynamic Application Security Testing (DAST)

August 2025

Download the complete report

Helped 867,349 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

Dynamic Application Security Testing (DAST) Market Share Distribution
Product	Market Share (%)
Invicti	12.0%
OpenText Dynamic Application Security Testing	17.9%
HCL AppScan	14.3%
Other	55.8%

Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) Market Share Distribution
Product	Market Share (%)
OpenText Dynamic Application Security Testing	17.9%
HCL AppScan	14.3%
Checkmarx One	13.5%
Other	54.3%

Dynamic Application Security Testing (DAST)

Application Security Tools Market Share Distribution
Product	Market Share (%)
Veracode	8.0%
SonarQube Server (formerly SonarQube)	20.8%
Checkmarx One	10.2%
Other	61.0%

Application Security Tools

Featured Reviews

Kunal M

Capability Center Leader, ETRM Platforms at Shell

Proactive scanning measures and realistic audit recommendations enhance development focus

Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Read full review

Navin N

Global ISO 27001 Program Lead at DXC Technology

Effective scanning of diverse file extensions with fast reporting and issue resolution

We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Read full review

Kv Rao

Site Leader (India) at Industrial Scientific

Integrates pipelines smoothly and fortifies code against vulnerabilities

I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Netsparker provides a more interactive interface that is more appealing."

"I like that it's stable and technical support is great."

"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."

"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."

"This tool is really fast and the information that they provide on vulnerabilities is pretty good."

"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."

"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."

"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."

More Invicti pros

"The most valuable feature of this solution is the ability to make our customers more secure."

"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."

"It is easy to use, and its reporting is fairly simple."

"It is scalable and very easy to use."

"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."

"The accuracy of its scans is great."

"It's a well-known platform for doing dynamic application scanning."

"The most valuable feature is the static analysis."

More OpenText Dynamic Application Security Testing pros

"Veracode Fix has affected our time to remediate security flaws in cases where we've been able to use it correctly because the proposals were on point, and it's been great."

"Veracode provides visibility into application status at every phase of development through static analysis."

"Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components."

"In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better."

"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."

"The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws."

"One of the best things they offer is the scalability. The fact that you can work with it through the cloud means that if you have unintegrated business units, you don't have to worry about having a solution on-prem and having the network connection; you don't have to worry about giving up source code, you are just sending your binary files for most of the applications. So it scales much faster."

"I like Veracode's static scanning and SCA. We use three static scans, software composition analysis, and dynamic scans. We haven't used dynamic scanning as much, but we're trying to integrate that into our environment more."

More Veracode pros

Cons

"The solution needs to make a more specific report."

"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."

"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."

"Currently, there is nothing I would like to improve."

"Right now, they are missing the static application security part, especially web application security."

"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"

"Invicti takes too long with big applications, and there are issues with the login portal."

More Invicti cons

"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."

"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."

"The initial setup was complex."

"Lately, we've seen more false negatives."

"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."

"Creating reports is very slow and it is something that should be improved."

"Not sufficiently compatible with some of our systems."

"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."

More OpenText Dynamic Application Security Testing cons

"The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives."

"All areas of the solution could use some improvement."

"I would like to see more technical support for some of the connectors, some more detailed diagrams or run-books on how to install some of stuff; more hand-holding in the sense of understanding our environment."

"We connected with Veracode's support a couple of times, and we got a different answer each time."

"Improvements can be made to Veracode, particularly in terms of process. If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly."

"Veracode scans provide a higher number of false positives."

"The JIRA integration automation aspect of it could be improved significantly. We want to have a way to create tickets that are going to allow people to work through those flaws that we're finding. We don't want people to feel like they're missing out on something or that they're not following directions in the right way."

"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."

More Veracode cons

Pricing and Cost Advice

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"The price should be 20% lower"

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."

"We never had any issues with the licensing; the price was within our assigned limits."

"OWASP Zap is free and it has live updates, so that's a big plus."

"It is competitive in the security market."

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

More Invicti pricing and cost advice

"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."

"The price is okay."

"The pricing is not clear and while it is not high, it is difficult to understand."

"Fortify WebInspect is a very expensive product."

"This solution is very expensive."

"Our licensing is such that you can only run one scan at a time, which is inconvenient."

"It’s a fair price for the solution."

"Veracode provides value for the cost, with no additional charges apart from the standard licensing fee."

"The price of Veracode Static Analysis could improve."

"Veracode's pricing is on the higher end, but it is acceptable."

"Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money."

"We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."

"It is pricey. There is a lot of value in the product, but it is a costly tool."

"The Veracode price model is based on application profiles, which is how you package your components for scanning."

"Users in some forums mentioned that pricing for this solution can be quite high."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.

See recommendations

867,349 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

15%

Manufacturing Company

Government

Financial Services Firm

15%

Government

15%

Manufacturing Company

13%

Computer Software Company

10%

Financial Services Firm

16%

Computer Software Company

16%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	13
Midsize Enterprise	4
Large Enterprise	13

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	1
Large Enterprise	15

By reviewers
Company Size	Count
Small Business	69
Midsize Enterprise	43
Large Enterprise	112

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing mode...

See all answers

What do you like most about Invicti?

The most valuable feature of Invicti is getting baseline scanning and incremental scan.

See all answers

What needs improvement with Invicti?

The main concern is on the performance side, but other than that, we find it really helpful in identifying web vulner...

See all answers

What is your experience regarding pricing and costs for Fortify WebInspect?

While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs be...

See all answers

What needs improvement with Fortify WebInspect?

WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applic...

See all answers

What is your primary use case for Fortify WebInspect?

I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite f...

See all answers

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...

See all answers

What do you like most about Veracode?

The SAST and DAST modules are great.

See all answers

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and da...

See all answers

Comparisons

Acunetix vs Invicti

Compared 19% of the time

OWASP Zap vs Invicti

Compared 10% of the time

SonarQube Server (formerly SonarQube) vs Invicti

Compared 7% of the time

Snyk vs Invicti

Compared 5% of the time

Rapid7 InsightAppSec vs Invicti

Compared 5% of the time

More Invicti Competitors

PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing

Compared 17% of the time

OWASP Zap vs OpenText Dynamic Application Security Testing

Compared 11% of the time

Qualys Web Application Scanning vs OpenText Dynamic Application Security Testing

Compared 8% of the time

PortSwigger Burp Suite Enterprise Edition vs OpenText Dynamic Application Security Testing

Compared 8% of the time

Contrast Security Assess vs OpenText Dynamic Application Security Testing

Compared 4% of the time

More OpenText Dynamic Application Security Testing Competitors

SonarQube Server (formerly SonarQube) vs Veracode

Compared 16% of the time

Checkmarx One vs Veracode

Compared 9% of the time

GitHub Advanced Security vs Veracode

Compared 7% of the time

OpenText Core Application Security vs Veracode

Compared 4% of the time

OWASP Zap vs Veracode

Compared 4% of the time

More Veracode Competitors

Product Reports

Buyer's Guide

Invicti

September 2025

Download Invicti product report

Buyer's Guide

OpenText Dynamic Application Security Testing

August 2025

OpenText Dynamic Application Security Testing report

Download OpenText Dynamic Application Security Testing product report

Buyer's Guide

Veracode

August 2025

Download Veracode product report

Also Known As

Netsparker

Micro Focus WebInspect, WebInspect

Crashtest Security , Veracode Detect

Overview

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti

OpenText Dynamic Application Security Testing offers robust scalability, ease of use, and high accuracy in scanning, making it a valuable tool for enterprises.

This security testing platform is known for its centralized dashboard, guided scans, and comprehensive reporting. It integrates seamlessly with tools like Fortify code scanner and supports extensive vulnerability detection and analysis, enhancing efficiency in security management. Despite its strengths, users suggest improvements in cloud integration, cost-effectiveness, and installation processes. Faster scans, reduced false positives, and improved mobile testing features are also desired.

What are the key features of OpenText Dynamic Application Security Testing?

Scalability: Easily adapts to changing enterprise needs.
Ease of Use: User-friendly interface with guided scans.
Comprehensive Reporting: Detailed vulnerability analysis and reporting.
Integration Capabilities: Works with Fortify code scanner and user authentication scanning.
Wide Vulnerability Detection: Identifies extensive security vulnerabilities.

What benefits should users expect from reviews?

Efficient Vulnerability Management: Streamlines security management in development environments.
Detailed Analysis: Provides in-depth insights into security issues.
Quick Setup: Easy to deploy within existing systems.
Enterprise Preference: Supports enterprise environments efficiently.

In industries like BFSI, OpenText Dynamic Application Security Testing is employed for performance network application testing, dynamic and static application security testing, and code checks. Security and QA teams use it in development processes to ensure application security prior to release, proving integral in both enterprise and testing environments.

OpenText

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Aaron's

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Buyer's Guide

Dynamic Application Security Testing (DAST)

August 2025

Download Free Report

Find out what your peers are saying about HCLSoftware , OpenText, Rapid7 and others in Dynamic Application Security Testing (DAST). Updated: August 2025.

DOWNLOAD NOW

867,349 professionals have used our research since 2012.