Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs Invicti comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

HCL AppScan
Ranking in Static Application Security Testing (SAST)
15th
Ranking in Dynamic Application Security Testing (DAST)
1st
Average Rating
7.8
Reviews Sentiment
6.1
Number of Reviews
43
Ranking in other categories
Application Security Tools (15th)
Invicti
Ranking in Static Application Security Testing (SAST)
14th
Ranking in Dynamic Application Security Testing (DAST)
4th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
29
Ranking in other categories
API Security (6th)
 

Mindshare comparison

As of July 2025, in the Dynamic Application Security Testing (DAST) category, the mindshare of HCL AppScan is 14.4%, down from 25.0% compared to the previous year. The mindshare of Invicti is 13.6%, down from 14.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Dynamic Application Security Testing (DAST)
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…
Kunal M - PeerSpot reviewer
Proactive scanning measures and realistic audit recommendations enhance development focus
Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Compared to other tools only AppScan supports special language."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The solution is cheap."
"The static scans are good, and the SaaS as well."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The product has valuable features for static and dynamic testing."
"There's extensive functionality with custom rules and a custom knowledge base."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"The scanner and the result generator are valuable features for us."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
 

Cons

"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"A desktop version should be added."
"The solution could improve by having a mobile version."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The product has some technical limitations."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"AppScan is too complicated and should be made more user-friendly."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"
"The solution needs to make a more specific report."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The custom attack preparation screen might be improved."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"The scanner itself should be improved because it is a little bit slow."
"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
 

Pricing and Cost Advice

"HCL AppScan is expensive."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"Our clients are willing to pay the extra money. It is expensive."
"I rate the product's price a seven on a scale of one to ten, where one is low, and ten is high. HCL AppScan is an expensive tool."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"The solution is moderately priced."
"The solution is cheap."
"The price is very expensive."
"The price should be 20% lower"
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"It is competitive in the security market."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"OWASP Zap is free and it has live updates, so that's a big plus."
"We never had any issues with the licensing; the price was within our assigned limits."
report
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
860,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
14%
Government
12%
Manufacturing Company
9%
Educational Organization
25%
Financial Services Firm
14%
Computer Software Company
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerab...
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
Netsparker
 

Overview

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Samsung, The Walt Disney Company, T-Systems, ING Bank
Find out what your peers are saying about HCL AppScan vs. Invicti and other solutions. Updated: May 2025.
860,168 professionals have used our research since 2012.