No more typing reviews! Try our Samantha, our new voice AI agent.

Invicti vs NGINX App Protect comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 4, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Invicti
Ranking in Container Security
26th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (12th), Software Composition Analysis (SCA) (10th), API Security (10th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (8th)
NGINX App Protect
Ranking in Container Security
28th
Average Rating
8.2
Reviews Sentiment
6.4
Number of Reviews
27
Ranking in other categories
Web Application Firewall (WAF) (19th), API Security (8th)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Invicti is 1.0%, up from 0.3% compared to the previous year. The mindshare of NGINX App Protect is 0.6%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.5%
Invicti1.0%
NGINX App Protect0.6%
Other96.9%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Valavan Sivgalingam - PeerSpot reviewer
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Valerio Guaglianone - PeerSpot reviewer
Dev Ops Engineer at adesso AG
Long-term web protection has supported reliable traffic management but needs a simpler interface
NGINX App Protect is a good product. I have used both versions from F5 -also the free version- (I mean the NGINX/NGINX One/App Protect free trial period), and I think it is a good product. It's stable, affordable, and easy to manage. NGINX App Protect is a comprehensive security solution that combines advanced WAF, DoS protection, API security, and DevSecOps automation in a lightweight, scalable package ideal for modern cloud-native architectures. The adaptive machine learning capabilities are truly commendable, as the solution can establish traffic baselines and detect anomalies in real time. It automatically adjusts security policies, minimizing the need for manual intervention and reducing false positives. Additionally, it supports scalable deployment across diverse environments, including on-premises, cloud, Kubernetes, and containers, offering both flexibility and scalability I have experience with the web server, F5 load balancer, and similar products provided by Ergon, for eg. the web application firewall and the Microgateway for K8S. I'm also familiar with F5 BIG-IP products.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"Its dashboards are brilliant. It provides in-depth insights."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."
"Qualys TotalCloud is an excellent platform, and the beauty of the platform is that we can get all the vulnerabilities, see all the reports in a single dashboard, view them segregated, and easily learn about critical, high, and medium findings with appropriately provided remediation steps."
"I would rate the stability as ten out of ten."
"The scanner and the result generator are valuable features for us."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"OWASP Zap is free and it has live updates, so that's a big plus."
"It is a very good tool."
"Technical support is very professional, 10/10."
"Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The tool's most valuable feature is the OWASP certification. Additionally, the tool's ability to enforce strong passwords and OTP within minutes is impressive. With its analytics and recommendations, it is a very good solution."
"It is a stable solution."
"We use NGINX for security headers, and as a proxy; it is also a very good tool for load balancing."
"Based on my experience, this solution is better than the other choices on the market."
"The policies are flexible based on the technologies you use."
"We have seen a return on investment using NGINX App Protect."
"There's a cache, or it works like a proxy, so it can speed up applications."
"The most valuable feature of NGINX App Protect is the reverse proxy."
 

Cons

"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks."
"In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning."
"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"There is a lack of data segregation according to criticality or inventory."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"I find that the scannings are not sufficiently updated."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"Right now, they are missing the static application security part, especially web application security."
"Improvement could be made in the area of production."
"The support's response time could be faster since we are in different time zones."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted."
"Its technical support could be better."
"The support from NGINX App Protect is too expensive."
"NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution."
"The price of NGINX App Protect could improve."
"The solution needs to be improved in the e-commerce portal."
"I think NGINX App Protect could be improved by having it come out of the box with NGINX."
"I encountered issues with NGINX App Protect while trying to upgrade custom rules."
"This solution is not really scalable. Both the virtual appliance and the physical appliance are limited in terms of how much traffic they can handle."
 

Pricing and Cost Advice

"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"OWASP Zap is free and it has live updates, so that's a big plus."
"We never had any issues with the licensing; the price was within our assigned limits."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"It is competitive in the security market."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"The price should be 20% lower"
"There are no additional fees."
"The pricing is reasonable because NGINX operates on an instance basis."
"Really understand the licensing model, because we underestimated that."
"There are not any additional costs we had to pay to use NGINX App Protect."
"The price of NGINX App Protect is not much different from the products that fall under the leader category of Gartner Magic Quadrant."
"The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner."
"The solution's price is reasonable."
"NGINX App Protect is expensive."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
16%
Manufacturing Company
9%
Construction Company
7%
Computer Software Company
7%
Financial Services Firm
13%
Comms Service Provider
13%
Computer Software Company
8%
Construction Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise7
Large Enterprise13
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150...
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-t...
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with r...
What is your experience regarding pricing and costs for NGINX App Protect?
I will not be able to answer about my experience with pricing, setup cost, and licensing for NGINX App Protect, as so...
What needs improvement with NGINX App Protect?
I did not face any issues with NGINX App Protect. The only issue that we had is that someone was trying to install th...
What is your primary use case for NGINX App Protect?
I have been dealing with NGINX App Protect and the WAF policy. I usually recommend NGINX App Protect for banking and ...
 

Also Known As

Qualys TotalCloud with FlexScan
Netsparker
NGINX WAF, NGINX Web Application Firewall
 

Overview

 

Sample Customers

Information Not Available
Samsung, The Walt Disney Company, T-Systems, ING Bank
Information Not Available
Find out what your peers are saying about Invicti vs. NGINX App Protect and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.