Try our new research platform with insights from 80,000+ expert users

Imperva Application Security Platform vs Invicti comparison

Imperva and Invicti are both solutions in the API Security category. Imperva is ranked #2 with an average rating of 8.4, while Invicti is ranked #9 with an average rating of 8.5. Imperva holds a 7.9% mindshare in APIS, compared to Invicti’s 2.7% mindshare. Additionally, 95% of Imperva users are willing to recommend the solution, compared to 96% of Invicti users who would recommend it.
Imperva Application Securit...
Read 133 Imperva Application Security Platform reviews
  • 9,706 Views
  • 582 Comparison Views
95% willing to recommend
Invicti
Read 31 Invicti reviews
  • 3,137 Views
  • 220 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 21, 2025

Invicti and Imperva Application Security Platform compete in the web application security domain. Invicti appears to have the upper hand in pricing and support, while Imperva's advanced features make it a strong contender for comprehensive security needs.

Features: Invicti boasts highly accurate automated scanning technology, seamless integration with development environments, and user-friendly interfaces. Conversely, Imperva provides advanced threat intelligence, robust protection mechanisms, and comprehensive security across applications.

Room for Improvement: Invicti could benefit from enhanced scanning speed, deeper data analytics, and improved threat intelligence reporting. Imperva could improve its user interface, simplify integration processes, and reduce the high initial deployment complexity.

Ease of Deployment and Customer Service: Invicti offers straightforward deployment with excellent customer support and user-friendly interfaces. Imperva, while offering more complex deployment, provides superior support and extensive resources to improve user experience, despite its initial configuration demands.

Pricing and ROI: Invicti is recognized for affordable setup costs and a straightforward pricing model, generating promising ROI. Though Imperva has higher initial costs due to its extensive features, it delivers substantial long-term ROI through robust threat protection, making the investment worthwhile for comprehensive security assurance.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Imperva Application Security Platform vs. Invicti Report (Updated: December 2025).
Buyer's Guide
Imperva Application Security Platform vs. Invicti
December 2025
Download the complete report
Helped 881,082 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Imperva Application Securit...
Ranking in API Security
2nd
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
133
Ranking in other categories
CDN (4th), Web Application Firewall (WAF) (4th), Distributed Denial-of-Service (DDoS) Protection (4th), Bot Management (1st)
Invicti
Ranking in API Security
9th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (11th), Container Security (25th), Software Composition Analysis (SCA) (8th), Dynamic Application Security Testing (DAST) (5th), Application Security Posture Management (ASPM) (5th)
 

Mindshare comparison

As of January 2026, in the API Security category, the mindshare of Imperva Application Security Platform is 7.9%, up from 3.9% compared to the previous year. The mindshare of Invicti is 2.7%, up from 2.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
API Security Market Share Distribution
ProductMarket Share (%)
Imperva Application Security Platform7.9%
Invicti2.7%
Other89.4%
API Security
 

Featured Reviews

reviewer1247523 - PeerSpot reviewer
reviewer1247523
Head of Sales Services Department at a comms service provider with 51-200 employees
Solution ensures website availability and proactive threat mitigation
Over the seven years, the most valuable features of Imperva DDoS that I have found are related to DDoS attacks, which are a group of attacks, and not all of them can be resolved on the endpoint level before the website. Using the web firewall before the website is a common use case to protect against malicious requests to the website. I have utilized Imperva's Intelligent Traffic Filtering feature. This feature helps me understand how the attack is progressing and what is happening inside the requests to our website. It allows me to granularly grant or deny access to certain parts of our website. This helps when we know our customers and the types of requests that can be sent from them, enabling us to block some malicious requests. Imperva DDoS has User Behavior Analytics and Threat Intelligence on its board, and this helps us to be protected proactively. Imperva DDoS connects to its database of threats, storing whole information about attacks all over the world in one simple engine. Everyone can use this feature, which can connect to this engine and get information about what is going on at the world level. That is the way to be protected at the company's level. The integration capabilities of Imperva DDoS are very easy and simple. We can run it in 2 hours.
Read full review
Valavan Sivgalingam - PeerSpot reviewer
Valavan Sivgalingam
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Imperva monitors all traffic, even customer access, to the web application. Then, Imperva uses features like signatures to identify attacks like cross-site scripting or SQL injection."
"I am impressed with the product's scalability, availability, easy management, and security. We were able to integrate the product with Azure and Sentinel."
"The solution is stable."
"It has fewer false positives"
"One good thing about Imperva Web Application Firewall is it can be on the cloud and also it can be on-premise."
"Imperva WAF's strongest features are the detection of web application threats and vulnerabilities in the source code."
"The dynamic profiling of websites is the solution's most valuable feature. The security is also good."
"The stability of the product is good since I haven't had any problems with the solution."
More Imperva Application Security Platform pros
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"Invicti has done a commendable job with respect to ROI, and with respect to being a cost-effective solution and one of the market leaders as an effective solution for SAST and DAST, Invicti has performed very well."
"I would rate the stability as ten out of ten."
"Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment."
"The platform is stable."
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"The scanner and the result generator are valuable features for us."
More Invicti pros
 

Cons

"Sometimes, support tickets don't get addressed quickly."
"Sometimes our web application firewall will slow down."
"The solution needs to improve Integration with third parties for their on-prem deployment models. The integration is not that good yet."
"Pricing can be improved, as it is quite expensive."
"Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis."
"Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement."
"Imperva DDoS does not provide version control."
"The Imperva Web Application Firewall automations are good, but there is still room for improvement with them."
More Imperva Application Security Platform cons
"Maybe the ability to make a good reporting format is needed."
"Invicti's reporting capabilities need enhancement."
"The scanner itself should be improved because it is a little bit slow."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
"The solution needs to make a more specific report."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
More Invicti cons
 

Pricing and Cost Advice

"The cost of this solution depends on the platform."
"The tool is expensive."
"Pricing could be more competitive."
"Imperva charges us based on bandwidth, which is better than other vendors that charge us according to data transfer."
"It is expensive."
"The cost is somewhere around $10,000 a site. For every site, you pay individually. For every DNS entry, you have you pay."
"​Although the pricing can be a little high, it is worth the protection and security that it offers.​"
"It is a very expensive solution. The price is very high. A lot of customers tell us that they would love to use Imperva more. I have some customers who have 50 websites, but they have only 10 websites on Imperva because of the price. They would love to have all their websites running through Imperva, but they can't. They have to choose the more critical websites to protect because the price is very high. It is a very good product, but it is too expensive. If you buy a plan for 20 megabytes and you don't consume all of your 20 megabytes, it is okay, but if you consume more, you are charged for the superior traffic."
More Imperva Application Security Platform pricing and cost advice
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"The price should be 20% lower"
"OWASP Zap is free and it has live updates, so that's a big plus."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"It is competitive in the security market."
"We never had any issues with the licensing; the price was within our assigned limits."
More Invicti pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which API Security solutions are best for your needs.
See recommendations
881,082 professionals have used our research since 2012.
 

Comparison Review

it_user68487 - PeerSpot reviewer
it_user68487
Security Expert with 51-200 employees
Nov 6, 2013
CloudFlare vs Incapsula: Web Application Firewall
CloudFlare vs Incapsula: Round 2 Web Application Firewall Comparative Penetration Testing Analysis Report v1.0 Summary This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web…
Read full review
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
17%
Computer Software Company
11%
Manufacturing Company
9%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business83
Midsize Enterprise25
Large Enterprise61
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
 

Questions from the Community

Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
Imperva is a strong choice, given their security focus and ongoing R&D into the product in areas such as bot management.
See all answers
What do you like most about Imperva Incapsula?
We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping.
See all answers
What is your experience regarding pricing and costs for Imperva DDoS?
The pricing, setup costs, and licensing of Imperva DDoS are reasonable for the amount of technical capabilities provided. I would rate the pricing of Imperva DDoS as five, where one is very cheap a...
See all answers
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...
See all answers
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...
See all answers
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...
See all answers
 

Comparisons

Cloudflare vs Imperva Application Security Platform Logo
Cloudflare vs Imperva Application Security Platform
Compared 13% of the time
Akamai vs Imperva Application Security Platform Logo
Akamai vs Imperva Application Security Platform
Compared 6% of the time
Fortinet FortiWeb vs Imperva Application Security Platform Logo
Fortinet FortiWeb vs Imperva Application Security Platform
Compared 6% of the time
F5 Advanced WAF vs Imperva Application Security Platform Logo
F5 Advanced WAF vs Imperva Application Security Platform
Compared 5% of the time
Microsoft Azure Application Gateway vs Imperva Application Security Platform Logo
Microsoft Azure Application Gateway vs Imperva Application Security Platform
Compared 4% of the time
More Imperva Application Security Platform Competitors
Acunetix vs Invicti Logo
Acunetix vs Invicti
Compared 16% of the time
SonarQube vs Invicti Logo
SonarQube vs Invicti
Compared 8% of the time
Veracode vs Invicti Logo
Veracode vs Invicti
Compared 7% of the time
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
Compared 6% of the time
Rapid7 InsightAppSec vs Invicti Logo
Rapid7 InsightAppSec vs Invicti
Compared 6% of the time
More Invicti Competitors
 

Product Reports

Buyer's Guide
Imperva Application Security Platform
January 2026
Imperva Application Security Platform reportDownload Imperva Application Security Platform product report
Buyer's Guide
Invicti
January 2026
Invicti reportDownload Invicti product report
 

Also Known As

Imperva Bot Management, Imperva Web Application Firewall, Imperva API Security
Netsparker
 

Overview

Imperva Application Security Platform delivers comprehensive and continuous web threat protection. Renowned for its ease of use, it shields web applications and databases from various cyber threats while integrating seamlessly with cloud and on-premises environments.

Imperva Application Security Platform protects web environments by offering advanced security measures against threats like DDoS attacks, SQL injections, and cross-site scripting. As a robust web application firewall, it provides extensive monitoring and bot management capabilities. The platform integrates content delivery networks for enhanced performance and scalability, while real-time traffic analysis ensures consistent protection. Despite its strengths, improvements can be made in policy management and customization options. Users seek better integration with third-party tools and more competitive pricing models. The inclusion of AI for enhanced analytics is also anticipated.

What are the key features of Imperva Application Security Platform?
  • Correlated Attack Validation: Enhances threat assessment by linking related security events.
  • Threat Radar: Offers visibility into potential and ongoing threats.
  • Virtual Patching: Provides protection against vulnerabilities without immediate code changes.
  • IncapRules: Allows creation of custom security policies.
  • DDoS Protection: Defends against large-scale distributed denial-of-service attacks.
  • CDN Integration: Improves content delivery speed and reliability.
What benefits should users look for in reviews?
  • User-Friendly Administration: Simplifies setup and ongoing management tasks.
  • Seamless Integration: Ensures smooth operation with existing infrastructure.
  • Comprehensive Threat Protection: Shields digital assets from a wide range of threats.
  • Hands-On Support: Provides timely and effective customer service assistance.

Imperva Application Security Platform is implemented in industries needing strong database and application protection. Companies use it to enforce geolocation restrictions and manage bots, benefiting sectors like finance and e-commerce where data security and threat monitoring are critical. Its ability to protect and ensure data accessibility makes it integral to business operations prioritizing cyber resilience.

Imperva

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti
 

Sample Customers

Hitachi, BNZ, Bitstamp, Moz, InnoGames, BTCChina, Wix, LivePerson, Zillow and more.
Samsung, The Walt Disney Company, T-Systems, ING Bank
Buyer's Guide
Imperva Application Security Platform vs. Invicti
December 2025
Free Report: Imperva Application Security Platform vs. Invicti
Find out what your peers are saying about Imperva Application Security Platform vs. Invicti and other solutions. Updated: December 2025.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
See our Imperva Application Security Platform vs. Invicti report.
See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.