Invicti vs Onapsis comparison

The compared Invicti and Onapsis solutions aren't in the same category. Invicti is ranked #4 in DAST , with an average rating of 8.5, and holds a 8.5% mindshare in the category. Onapsis is ranked #35 in AS , and holds a 0.9% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 100% of Onapsis users who would recommend it.

Invicti

Read 31 Invicti reviews

5,734 Views
1,491 Comparison Views

96% willing to recommend

Onapsis

Read 1 Onapsis review

1,443 Views
1,356 Comparison Views

100% willing to recommend

Invicti

Onapsis

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Invicti and Onapsis based on real PeerSpot user reviews.

Find out what your peers are saying about Veracode, Checkmarx, OpenText and others in Dynamic Application Security Testing (DAST).

To learn more, read our detailed Dynamic Application Security Testing (DAST) Report (Updated: June 2026).

Buyer's Guide

Dynamic Application Security Testing (DAST)

June 2026

Download the complete report

Helped 900,644 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Invicti

Average Rating

8.2

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (10th), Container Security (25th), Software Composition Analysis (SCA) (8th), API Security (9th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (6th)

Onapsis

Average Rating

8.0

Number of Reviews

Ranking in other categories

Application Security Tools (35th)

Mindshare comparison

Invicti and Onapsis aren’t in the same category and serve different purposes. Invicti is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 8.5%, up 6.7% compared to last year.
Onapsis, on the other hand, focuses on Application Security Tools, holds 0.9% mindshare, up 0.2% since last year.

Dynamic Application Security Testing (DAST) Mindshare Distribution
Product	Mindshare (%)
Invicti	8.5%
Veracode	14.8%
Checkmarx One	14.4%
Other	62.3%

Dynamic Application Security Testing (DAST)

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
Onapsis	0.9%
SonarQube	12.7%
Checkmarx One	8.3%
Other	78.1%

Application Security Tools

Featured Reviews

PrashantUppuluri

Solution Architect at a tech services company with 51-200 employees

Automated scanning has strengthened web application security and supports hybrid protection

A good scanning engine is what I appreciate about Invicti. When you want to find out the vulnerabilities within your web applications, Invicti has done a thorough job with respect to filtering out the vulnerabilities and identifying the risk factors with respect to the security modules within the solution. Invicti does have a segment of the solution which works on the automated scanning engine. As long as the license is active, the scanners that work within the solution are pretty effective. With respect to SAST and DAST, being a real-time scanning engine is one of the portfolios and one of the selling factors of the solution. Invicti is known to be a solution that works within the hybrid environment, be it cloud, on-premises, or a mix and match across multiple marketplaces. It does a thorough job. Most importantly, Invicti is a very good SAST and DAST solution that is very competitive in the market with respect to competitors. Invicti is a part of the Magic Quadrant with respect to Gartner's Magic Quadrant and has made a very good customer database and pipeline within the marketplace locally. With respect to security impacts in terms of support, Invicti is pretty much supportive. With respect to use cases or the POCs I have run on the solution, we have identified a couple of vulnerabilities and Invicti was able to trace them, detect, and quarantine the attacks.

Read full review

it_user19113

SAP Security Consulting Engineer at a computer software company with 10,001+ employees

It checks for and reports vulnerabilities on all SAP systems at the OS, DB and SAP levels.

I really love how Onapsis X1 is able to check SAP for threats; the reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience. Currently, it takes some background jobs and additional work to get them published. It was difficult to get interactive reports to the different levels of the business. I would have to download them and send them out, or save them on my SharePoint site and send out a weekly link. In the version of the product I was usingת I had to log into the X1 system directly to get to the reports. Reporting would be used by several different areas of the organizationת many of whom would be at the director and executive levels. It would not make sense to have them log directly into the tool to look at these reports. Add to this that there was only one ID that could be used to log in and view the reports. To solve this problemת I had to run all of the different reports; executive summary down to detailed analysis and then export them out to my security team SharePoint site. To automate this processת a batch script was created to run after the X1 analyzed the systems. The script would pull the reports and place them in the SharePoint site automatically, but it was a bit of a hassle to get set up.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment."

"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."

"I would rate the stability as ten out of ten."

"NetSparker is a very easy to use and understand product."

"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."

"Netsparker has done an awesome job with its crawler, as it has found all of the links (also thanks to its good DOM parser)."

"The scanner is light on the network and does not impact the network when scans are running."

"Invicti has done a commendable job with respect to ROI, and with respect to being a cost-effective solution and one of the market leaders as an effective solution for SAST and DAST, Invicti has performed very well."

More Invicti pros

"It has hardened our SAP system by providing details of vulnerabilities in our SAP landscape."

Cons

"I find that the scannings are not sufficiently updated."

"Currently, there is nothing I would like to improve."

"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."

"The scanning time, complexity, and authentication features of Invicti could be improved."

"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"

"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."

"Maybe the ability to make a good reporting format is needed."

"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."

More Invicti cons

"Reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience."

Pricing and Cost Advice

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"OWASP Zap is free and it has live updates, so that's a big plus."

"We never had any issues with the licensing; the price was within our assigned limits."

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"It is competitive in the security market."

More Invicti pricing and cost advice

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.

See recommendations

900,644 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

16%

Manufacturing Company

10%

Computer Software Company

Construction Company

Energy/Utilities Company

16%

Construction Company

13%

University

13%

Outsourcing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	14
Midsize Enterprise	4
Large Enterprise	13

No data available

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...

See all answers

What needs improvement with Invicti?

At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...

See all answers

What is your primary use case for Invicti?

I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...

See all answers

Ask a question

Earn 20 points

Comparisons

Veracode vs Invicti

Compared 8% of the time

Acunetix vs Invicti

Compared 7% of the time

OpenText Dynamic Application Security Testing vs Invicti

Compared 6% of the time

SonarQube vs Invicti

Compared 5% of the time

Snyk vs Invicti

Compared 4% of the time

More Invicti Competitors

SonarQube vs Onapsis

Compared 14% of the time

ERPScan SMART Cybersecurity Platform vs Onapsis

Compared 13% of the time

Nullify vs Onapsis

Compared 12% of the time

Qualys Web Application Scanning vs Onapsis

Compared 8% of the time

OpenText Core Application Security vs Onapsis

Compared 6% of the time

More Onapsis Competitors

Product Reports

Buyer's Guide

Invicti

June 2026

Download Invicti product report

Buyer's Guide

Application Security Tools

June 2026

Download Onapsis product report

Also Known As

Netsparker

No data available

Overview

Invicti offers advanced web application security testing focused on identifying vulnerabilities like SQL injection and cross-site scripting. Its Proof-Based Scanning minimizes false positives and integrates seamlessly with CI/CD pipelines, making it an effective tool for enterprise environments.

Invicti provides comprehensive scanning capabilities that include detecting and verifying critical vulnerabilities and security data consolidation. Its scalable scanning engine and robust API support allow for flexible testing across diverse environments, including web and API testing. Despite some drawbacks like limited single sign-on integration and slow scanning speeds for large applications, Invicti remains a popular choice for automating security assessments, ensuring compliance with standards like OWASP Top 10, PCI DSS, and GDPR.

What are the key features of Invicti?

Comprehensive Vulnerability Scanning: Detects vulnerabilities like SQL injection and XSS.
Proof-Based Scanning: Confirms exploitability and reduces false positives.
CI/CD Integration: Seamlessly integrates with development pipelines.
Security Data Consolidation: Centralizes data for better insights.
User-Friendly Interface: Facilitates easy analysis and reporting.
Scalable Scanning Engine: Supports testing in enterprise environments.
Robust API Support: Enhances flexibility in testing.

What benefits and ROI should users look for in reviews?

Proactive Security: Actively identifies and verifies vulnerabilities to prevent breaches.
Regulatory Compliance: Helps maintain compliance with standards like PCI DSS and GDPR.
Efficient Vulnerability Management: Aids in prioritizing remediation efforts.
Integration Capabilities: Streamlines processes with CI/CD pipeline compatibility.

In industries like finance, healthcare, and e-commerce, Invicti is implemented to bolster security through automated vulnerability assessments. Its ability to provide insightful reports and remediation suggestions assists companies in efficiently managing security risks and achieving compliance with critical regulatory standards.

Invicti

Onapsis provides cybersecurity and compliance solutions for critical business applications. It focuses on enhancing security by detecting vulnerabilities and ensuring compliance with industry regulations.

Organizations increasingly rely on Onapsis to protect their business applications from potential threats. Designed to detect and mitigate threats in real-time, it ensures business continuity by integrating with existing security frameworks. Its platform offers robust insights into vulnerabilities, enabling proactive response and management of security policies tailored to enterprise needs.

What are the key features of Onapsis?

Vulnerability Management: Identifies and reports critical risks within business applications.
Compliance Automation: Ensures adherence to regulatory standards.
Real-time Threat Monitoring: Provides continuous surveillance for immediate response.
Integration Capabilities: Seamlessly works with existing IT infrastructure.

What benefits and ROI should you expect?

Improved Security Posture: Enhanced protection for critical assets reduces risks.
Operational Efficiency: Streamlined processes lead to better resource allocation.
Risk Mitigation: Proactive threat identification prevents potential breaches.
Regulatory Compliance: Automated compliance reduces audit preparation time and costs.

Onapsis is implemented across industries like finance, healthcare, and manufacturing to secure ERP systems. Its role in protecting core business applications aligns with the industry-specific needs of securing sensitive data and maintaining compliance with sector regulations.

Onapsis

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Sony, US Army, Westinghouse, AXA. Galicia, Daimler, Roche, Levi's, Siemens, ABB, KPMG, Mercardo Libre, Verizon, Bacardi, Adgas, Sicpa, Whirlpool, Leaseplan

Buyer's Guide

Dynamic Application Security Testing (DAST)

June 2026

Download Free Report

Find out what your peers are saying about Veracode, Checkmarx, OpenText and others in Dynamic Application Security Testing (DAST). Updated: June 2026.

DOWNLOAD NOW

900,644 professionals have used our research since 2012.

We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.