Try our new research platform with insights from 80,000+ expert users

Imperva Application Security Platform vs Invicti comparison

Imperva and Invicti are both solutions in the API Security category. Imperva is ranked #2 with an average rating of 8.5, while Invicti is ranked #10 with an average rating of 8.7. Imperva holds a 7.3% mindshare in APIS, compared to Invicti’s 2.4% mindshare. Additionally, 95% of Imperva users are willing to recommend the solution, compared to 96% of Invicti users who would recommend it.
Imperva Application Securit...
Read 133 Imperva Application Security Platform reviews
  • 8,852 Views
  • 354 Comparison Views
95% willing to recommend
Invicti
Read 30 Invicti reviews
  • 2,738 Views
  • 164 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 17, 2025

Invicti and Imperva Application Security Platform compete in application security. Invicti leads in pricing and customer support, while Imperva offers superior features, with data showing that Imperva’s value justifies higher investment for many buyers.

Features: Invicti offers automated web vulnerability scanning, ease of use, and platform integration. Imperva provides comprehensive security capabilities, advanced threat prevention, and compliance management.

Room for Improvement: Invicti could enhance security coverage and scalability for larger enterprises. Imperva may benefit from simplifying deployment processes and improving user interface to enhance accessibility for non-expert users.

Ease of Deployment and Customer Service: Invicti features a straightforward deployment process and responsive customer service, making it accessible to various clientele. Imperva offers a more complex deployment model but provides extensive support and tailored solutions for large-scale needs.

Pricing and ROI: Invicti presents a cost-effective setup with faster ROI, appealing to budget-conscious buyers. Imperva, with its higher upfront cost, offers a longer-term ROI through extensive protective features and scalability, beneficial for enterprises needing deep security measures.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Imperva Application Security Platform vs. Invicti Report (Updated: September 2025).
Buyer's Guide
Imperva Application Security Platform vs. Invicti
September 2025
Download the complete report
Helped 869,566 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Imperva Application Securit...
Ranking in API Security
2nd
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
133
Ranking in other categories
CDN (4th), Web Application Firewall (WAF) (4th), Distributed Denial-of-Service (DDoS) Protection (4th), Bot Management (2nd)
Invicti
Ranking in API Security
10th
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
30
Ranking in other categories
Static Application Security Testing (SAST) (15th), Dynamic Application Security Testing (DAST) (5th)
 

Mindshare comparison

As of October 2025, in the API Security category, the mindshare of Imperva Application Security Platform is 7.3%, up from 3.9% compared to the previous year. The mindshare of Invicti is 2.4%, up from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
API Security Market Share Distribution
ProductMarket Share (%)
Imperva Application Security Platform7.3%
Invicti2.4%
Other90.3%
API Security
 

Featured Reviews

Mitesh D Patel - PeerSpot reviewer
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.
Read full review
Kunal M - PeerSpot reviewer
Proactive scanning measures and realistic audit recommendations enhance development focus
Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Protection is the best solution since it has profile functionality."
"Scalability is pretty easy on the base platform. You just add another, and you're ready to go."
"It fits our requirements, as well as our budget."
"The most valuable features are DDoS protection."
"It has fewer false positives"
"Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance."
"The dynamic profiling of websites is the solution's most valuable feature. The security is also good."
"One good thing about Imperva Web Application Firewall is it can be on the cloud and also it can be on-premise."
More Imperva Application Security Platform pros
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"The solution generates reports automatically and quickly."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment."
"High level of accuracy and quick scanning."
"Invicti is a good product, and its API testing is also good."
More Invicti pros
 

Cons

"If they can bring in generative AI features, that would be useful."
"There’s nothing that’s missing in terms of features."
"It is complicated to integrate the solution's on-cloud version with other platforms."
"The cost could be lower; our end clients need to have a high budget to purchase this solution."
"One potential improvement for Imperva is enhancing its alert system."
"It needs to be improved every time there are new attacks."
"I would like to see improvements in the pooling of threats and attacks, possibly to enlarge the scale of indicators of compromise."
"It would be nice to have more security control over mobile applications so I would suggest adding more mobile security features. It would also be beneficial to see improvements in regards to interface bandwidth performance, CPU time, and RAM size. Learning capability of the device is quite weak."
More Imperva Application Security Platform cons
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The scanner itself should be improved because it is a little bit slow."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"
"Maybe the ability to make a good reporting format is needed."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
More Invicti cons
 

Pricing and Cost Advice

"The tool is expensive."
"The cost of this solution depends on the platform."
"We are satisfied with the pricing."
"Varies depending on the needs of the customer."
"The solution's price is high for small companies."
"It's an excellent product, but it can be very costly."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a five out of ten."
"There are some licenses that you have to buy to use some features. Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell."
More Imperva Application Security Platform pricing and cost advice
"We never had any issues with the licensing; the price was within our assigned limits."
"OWASP Zap is free and it has live updates, so that's a big plus."
"It is competitive in the security market."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"The price should be 20% lower"
More Invicti pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which API Security solutions are best for your needs.
See recommendations
869,566 professionals have used our research since 2012.
 

Comparison Review

it_user68487 - PeerSpot reviewer
Nov 6, 2013
CloudFlare vs Incapsula: Web Application Firewall
CloudFlare vs Incapsula: Round 2 Web Application Firewall Comparative Penetration Testing Analysis Report v1.0 Summary This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
13%
Manufacturing Company
8%
Insurance Company
6%
Financial Services Firm
17%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business83
Midsize Enterprise25
Large Enterprise61
By reviewers
Company SizeCount
Small Business13
Midsize Enterprise4
Large Enterprise13
 

Questions from the Community

Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
Imperva is a strong choice, given their security focus and ongoing R&D into the product in areas such as bot management.
See all answers
What do you like most about Imperva Incapsula?
We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping.
See all answers
What is your experience regarding pricing and costs for Imperva DDoS?
The pricing, setup costs, and licensing of Imperva DDoS are reasonable for the amount of technical capabilities provided. I would rate the pricing of Imperva DDoS as five, where one is very cheap a...
See all answers
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
See all answers
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
See all answers
What needs improvement with Invicti?
The main concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, ...
See all answers
 

Comparisons

Cloudflare vs Imperva Application Security Platform Logo
Cloudflare vs Imperva Application Security Platform
Compared 14% of the time
Akamai vs Imperva Application Security Platform Logo
Akamai vs Imperva Application Security Platform
Compared 8% of the time
Microsoft Azure Application Gateway vs Imperva Application Security Platform Logo
Microsoft Azure Application Gateway vs Imperva Application Security Platform
Compared 6% of the time
F5 Advanced WAF vs Imperva Application Security Platform Logo
F5 Advanced WAF vs Imperva Application Security Platform
Compared 5% of the time
AWS WAF vs Imperva Application Security Platform Logo
AWS WAF vs Imperva Application Security Platform
Compared 5% of the time
More Imperva Application Security Platform Competitors
Acunetix vs Invicti Logo
Acunetix vs Invicti
Compared 18% of the time
OWASP Zap vs Invicti Logo
OWASP Zap vs Invicti
Compared 8% of the time
Veracode vs Invicti Logo
Veracode vs Invicti
Compared 7% of the time
SonarQube Server (formerly SonarQube) vs Invicti Logo
SonarQube Server (formerly SonarQube) vs Invicti
Compared 7% of the time
Snyk vs Invicti Logo
Snyk vs Invicti
Compared 6% of the time
More Invicti Competitors
 

Product Reports

Buyer's Guide
Imperva Application Security Platform
September 2025
Imperva Application Security Platform reportDownload Imperva Application Security Platform product report
Buyer's Guide
Invicti
September 2025
Invicti reportDownload Invicti product report
 

Also Known As

Imperva Bot Management, Imperva Web Application Firewall, Imperva API Security
Netsparker
 

Overview

Imperva Application Security Platform delivers comprehensive and continuous web threat protection. Renowned for its ease of use, it shields web applications and databases from various cyber threats while integrating seamlessly with cloud and on-premises environments.

Imperva Application Security Platform protects web environments by offering advanced security measures against threats like DDoS attacks, SQL injections, and cross-site scripting. As a robust web application firewall, it provides extensive monitoring and bot management capabilities. The platform integrates content delivery networks for enhanced performance and scalability, while real-time traffic analysis ensures consistent protection. Despite its strengths, improvements can be made in policy management and customization options. Users seek better integration with third-party tools and more competitive pricing models. The inclusion of AI for enhanced analytics is also anticipated.

What are the key features of Imperva Application Security Platform?
  • Correlated Attack Validation: Enhances threat assessment by linking related security events.
  • Threat Radar: Offers visibility into potential and ongoing threats.
  • Virtual Patching: Provides protection against vulnerabilities without immediate code changes.
  • IncapRules: Allows creation of custom security policies.
  • DDoS Protection: Defends against large-scale distributed denial-of-service attacks.
  • CDN Integration: Improves content delivery speed and reliability.
What benefits should users look for in reviews?
  • User-Friendly Administration: Simplifies setup and ongoing management tasks.
  • Seamless Integration: Ensures smooth operation with existing infrastructure.
  • Comprehensive Threat Protection: Shields digital assets from a wide range of threats.
  • Hands-On Support: Provides timely and effective customer service assistance.

Imperva Application Security Platform is implemented in industries needing strong database and application protection. Companies use it to enforce geolocation restrictions and manage bots, benefiting sectors like finance and e-commerce where data security and threat monitoring are critical. Its ability to protect and ensure data accessibility makes it integral to business operations prioritizing cyber resilience.

Imperva

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti
 

Sample Customers

Hitachi, BNZ, Bitstamp, Moz, InnoGames, BTCChina, Wix, LivePerson, Zillow and more.
Samsung, The Walt Disney Company, T-Systems, ING Bank
Buyer's Guide
Imperva Application Security Platform vs. Invicti
September 2025
Free Report: Imperva Application Security Platform vs. Invicti
Find out what your peers are saying about Imperva Application Security Platform vs. Invicti and other solutions. Updated: September 2025.
DOWNLOAD NOW
869,566 professionals have used our research since 2012.
See our Imperva Application Security Platform vs. Invicti report.
See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.