Try our new research platform with insights from 80,000+ expert users

Imperva Application Security Platform vs Invicti comparison

Imperva and Invicti are both solutions in the API Security category. Imperva is ranked #2 with an average rating of 8.3, while Invicti is ranked #8 with an average rating of 8.5. Imperva holds a 9.3% mindshare in APIS, compared to Invicti’s 3.0% mindshare. Additionally, 95% of Imperva users are willing to recommend the solution, compared to 96% of Invicti users who would recommend it.
Imperva Application Securit...
Read 135 Imperva Application Security Platform reviews
  • 11,377 Views
  • 796 Comparison Views
95% willing to recommend
Invicti
Read 31 Invicti reviews
  • 3,717 Views
  • 297 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 22, 2026

Invicti and Imperva compete in application security, with Invicti favored for pricing and support, while Imperva is noted for its feature set that justifies its price.

Features: Invicti excels in efficient vulnerability detection, seamless integration, and user-friendly design, enhancing security assessments. Imperva's strengths lie in advanced threat intelligence, real-time monitoring, and wide-ranging protection against web threats.

Room for Improvement: Invicti can enhance performance during extensive full scans and improve intermittent result accuracy. Imperva could benefit from simplifying its setup process, reducing initial complexity, and enhancing report customization options.

Ease of Deployment and Customer Service: Invicti is notable for its straightforward deployment and dependable support. Imperva, while involving a more intricate setup, provides robust documentation and extensive training resources, supporting a comprehensive customer service framework.

Pricing and ROI: Invicti offers an attractive pricing model with efficient returns, appealing to budget-conscious organizations. Imperva, although having a higher initial cost, delivers significant long-term value via extensive security features, representing a strategic investment for those seeking comprehensive security benefits.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Imperva Application Security Platform vs. Invicti Report (Updated: February 2026).
Buyer's Guide
Imperva Application Security Platform vs. Invicti
February 2026
Download the complete report
Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Imperva Application Securit...
Ranking in API Security
2nd
Average Rating
8.6
Reviews Sentiment
7.0
Number of Reviews
135
Ranking in other categories
CDN (3rd), Web Application Firewall (WAF) (3rd), Distributed Denial-of-Service (DDoS) Protection (4th), Bot Management (1st)
Invicti
Ranking in API Security
8th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (11th), Container Security (25th), Software Composition Analysis (SCA) (8th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (5th)
 

Mindshare comparison

As of March 2026, in the API Security category, the mindshare of Imperva Application Security Platform is 9.3%, up from 4.5% compared to the previous year. The mindshare of Invicti is 3.0%, up from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
API Security Mindshare Distribution
ProductMindshare (%)
Imperva Application Security Platform9.3%
Invicti3.0%
Other87.7%
API Security
 

Featured Reviews

reviewer1247523 - PeerSpot reviewer
reviewer1247523
Head of Sales Services Department at a comms service provider with 51-200 employees
Solution ensures website availability and proactive threat mitigation
Over the seven years, the most valuable features of Imperva DDoS that I have found are related to DDoS attacks, which are a group of attacks, and not all of them can be resolved on the endpoint level before the website. Using the web firewall before the website is a common use case to protect against malicious requests to the website. I have utilized Imperva's Intelligent Traffic Filtering feature. This feature helps me understand how the attack is progressing and what is happening inside the requests to our website. It allows me to granularly grant or deny access to certain parts of our website. This helps when we know our customers and the types of requests that can be sent from them, enabling us to block some malicious requests. Imperva DDoS has User Behavior Analytics and Threat Intelligence on its board, and this helps us to be protected proactively. Imperva DDoS connects to its database of threats, storing whole information about attacks all over the world in one simple engine. Everyone can use this feature, which can connect to this engine and get information about what is going on at the world level. That is the way to be protected at the company's level. The integration capabilities of Imperva DDoS are very easy and simple. We can run it in 2 hours.
Read full review
Valavan Sivgalingam - PeerSpot reviewer
Valavan Sivgalingam
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Great product, it will not let you down!"
"It is easy to use and has good security."
"Bad-IP blocking and signature-based blocking for web application security."
"Basic setup is simple but, as with any caching/WAF setup, there are tricks you need to learn, but it works really nice out of the box!"
"There is a quick switch between any of the the nodes if something goes wrong, where there's a there's an attack against a specific area. The security setup is reasonably easy. It's not a problem to do setups and rules and integrations. And, yeah, just the the back end team is also very willing to insist if there's questions that that we cannot answer or with these questions that we do have"
"The main benefit is the use case my clients find valuable, because for the product and security there is good API inspection, and if any abnormal API appears or there are any similarities due to changes, the API security features will catch that so allowed APIs will get access while others will be blocked."
"The solution integrates seamlessly with other tools and has a good alert mechanism."
"Data masking is the most valuable feature of this solution."
More Imperva Application Security Platform pros
"The scanner and the result generator are valuable features for us."
"Invicti is a good product, and its API testing is also good."
"I would rate the stability as ten out of ten."
"I like that it's stable and technical support is great."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"Technical support is very professional, 10/10."
"High level of accuracy and quick scanning."
More Invicti pros
 

Cons

"The signature updates could be faster. Sometimes we have to upload signatures to the Imperva portal for checking and analysis before we can use them."
"Imperva Web Application Firewall could improve the API integration. It was complex for us. Additionally, The onboarding could be better."
"Management of policies and rules can be complicated and the physical setup of the product has implications on HA."
"The user interface could be better."
"Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved."
"Its price could be improved. It is quite expensive. It will be good if we could export the configuration. Currently, to control the configuration, we need to go to each website, which is not very convenient."
"HTML minification could be improved. The actual HTML minification does not provide the maximum HTML minification nor provides the best result."
"I needed some support and according to the SLA I couldn’t get telephone support and it took a little while till they got back to me."
More Imperva Application Security Platform cons
"Netsparker doesn't provide the source code of the static application security testing."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"They could enhance the support for data swap testing for the platform."
"The support's response time could be faster since we are in different time zones."
"Invicti takes too long with big applications, and there are issues with the login portal."
"Maybe the ability to make a good reporting format is needed."
"Speed: It spends about one hour on scanning; I would like it to be less than 30 minutes."
More Invicti cons
 

Pricing and Cost Advice

"Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF."
"The solution's price is high for small companies."
"It's an excellent product, but it can be very costly."
"For enterprise contracts you will be in touch with a dedicated account manager who will guide you regarding licensing."
"There are a couple of different licensing models."
"​Although the pricing can be a little high, it is worth the protection and security that it offers.​"
"The data packages are higher than our needs so we end up paying for data that we don't use."
"Imperva Web Application Firewall is expensive."
More Imperva Application Security Platform pricing and cost advice
"The price should be 20% lower"
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"OWASP Zap is free and it has live updates, so that's a big plus."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"It is competitive in the security market."
"We never had any issues with the licensing; the price was within our assigned limits."
More Invicti pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which API Security solutions are best for your needs.
See recommendations
884,873 professionals have used our research since 2012.
 

Comparison Review

it_user68487 - PeerSpot reviewer
it_user68487
Security Expert with 51-200 employees
Nov 6, 2013
CloudFlare vs Incapsula: Web Application Firewall
CloudFlare vs Incapsula: Round 2 Web Application Firewall Comparative Penetration Testing Analysis Report v1.0 Summary This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Manufacturing Company
9%
Computer Software Company
9%
Comms Service Provider
6%
Financial Services Firm
15%
Manufacturing Company
9%
Computer Software Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business84
Midsize Enterprise25
Large Enterprise62
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
 

Questions from the Community

Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
Imperva is a strong choice, given their security focus and ongoing R&D into the product in areas such as bot management.
See all answers
What is your experience regarding pricing and costs for Imperva DDoS?
The pricing, setup costs, and licensing of Imperva DDoS are reasonable for the amount of technical capabilities provided. I would rate the pricing of Imperva DDoS as five, where one is very cheap a...
See all answers
What needs improvement with Imperva DDoS?
I would like to see improvements in the pooling of threats and attacks, possibly to enlarge the scale of indicators of compromise. For example, the initiation of an attack on the endpoint level cou...
See all answers
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...
See all answers
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...
See all answers
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...
See all answers
 

Comparisons

Cloudflare vs Imperva Application Security Platform Logo
Cloudflare vs Imperva Application Security Platform
Compared 11% of the time
Fortinet FortiWeb vs Imperva Application Security Platform Logo
Fortinet FortiWeb vs Imperva Application Security Platform
Compared 6% of the time
Akamai vs Imperva Application Security Platform Logo
Akamai vs Imperva Application Security Platform
Compared 6% of the time
F5 Advanced WAF vs Imperva Application Security Platform Logo
F5 Advanced WAF vs Imperva Application Security Platform
Compared 3% of the time
AWS WAF vs Imperva Application Security Platform Logo
AWS WAF vs Imperva Application Security Platform
Compared 3% of the time
More Imperva Application Security Platform Competitors
Acunetix vs Invicti Logo
Acunetix vs Invicti
Compared 9% of the time
Veracode vs Invicti Logo
Veracode vs Invicti
Compared 8% of the time
SonarQube vs Invicti Logo
SonarQube vs Invicti
Compared 6% of the time
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
Compared 5% of the time
Rapid7 InsightAppSec vs Invicti Logo
Rapid7 InsightAppSec vs Invicti
Compared 4% of the time
More Invicti Competitors
 

Product Reports

Buyer's Guide
Imperva Application Security Platform
March 2026
Imperva Application Security Platform reportDownload Imperva Application Security Platform product report
Buyer's Guide
Invicti
March 2026
Invicti reportDownload Invicti product report
 

Also Known As

Imperva Bot Management, Imperva Web Application Firewall, Imperva API Security
Netsparker
 

Overview

Imperva Application Security Platform delivers comprehensive and continuous web threat protection. Renowned for its ease of use, it shields web applications and databases from various cyber threats while integrating seamlessly with cloud and on-premises environments.

Imperva Application Security Platform protects web environments by offering advanced security measures against threats like DDoS attacks, SQL injections, and cross-site scripting. As a robust web application firewall, it provides extensive monitoring and bot management capabilities. The platform integrates content delivery networks for enhanced performance and scalability, while real-time traffic analysis ensures consistent protection. Despite its strengths, improvements can be made in policy management and customization options. Users seek better integration with third-party tools and more competitive pricing models. The inclusion of AI for enhanced analytics is also anticipated.

What are the key features of Imperva Application Security Platform?
  • Correlated Attack Validation: Enhances threat assessment by linking related security events.
  • Threat Radar: Offers visibility into potential and ongoing threats.
  • Virtual Patching: Provides protection against vulnerabilities without immediate code changes.
  • IncapRules: Allows creation of custom security policies.
  • DDoS Protection: Defends against large-scale distributed denial-of-service attacks.
  • CDN Integration: Improves content delivery speed and reliability.
What benefits should users look for in reviews?
  • User-Friendly Administration: Simplifies setup and ongoing management tasks.
  • Seamless Integration: Ensures smooth operation with existing infrastructure.
  • Comprehensive Threat Protection: Shields digital assets from a wide range of threats.
  • Hands-On Support: Provides timely and effective customer service assistance.

Imperva Application Security Platform is implemented in industries needing strong database and application protection. Companies use it to enforce geolocation restrictions and manage bots, benefiting sectors like finance and e-commerce where data security and threat monitoring are critical. Its ability to protect and ensure data accessibility makes it integral to business operations prioritizing cyber resilience.

Imperva

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti
 

Sample Customers

Hitachi, BNZ, Bitstamp, Moz, InnoGames, BTCChina, Wix, LivePerson, Zillow and more.
Samsung, The Walt Disney Company, T-Systems, ING Bank
Buyer's Guide
Imperva Application Security Platform vs. Invicti
February 2026
Free Report: Imperva Application Security Platform vs. Invicti
Find out what your peers are saying about Imperva Application Security Platform vs. Invicti and other solutions. Updated: February 2026.
DOWNLOAD NOW
884,873 professionals have used our research since 2012.
See our Imperva Application Security Platform vs. Invicti report.
See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.