No more typing reviews! Try our Samantha, our new voice AI agent.

Invicti vs Onapsis comparison

The compared Invicti and Onapsis solutions aren't in the same category. Invicti is ranked #4 in DAST , with an average rating of 8.5, and holds a 8.5% mindshare in the category. Onapsis is ranked #36 in AS , and holds a 0.9% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 100% of Onapsis users who would recommend it.
Invicti
Read 31 Invicti reviews
  • 5,070 Views
  • 1,268 Comparison Views
96% willing to recommend
Onapsis
Read 1 Onapsis review
  • 1,269 Views
  • 1,180 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Invicti and Onapsis based on real PeerSpot user reviews.

Find out what your peers are saying about Veracode, Checkmarx, OpenText and others in Dynamic Application Security Testing (DAST).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Dynamic Application Security Testing (DAST) Report (Updated: May 2026).
Buyer's Guide
Dynamic Application Security Testing (DAST)
May 2026
Download the complete report
Helped 893,164 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Invicti
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (10th), Container Security (24th), Software Composition Analysis (SCA) (8th), API Security (9th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (5th)
Onapsis
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
Application Security Tools (36th)
 

Mindshare comparison

Invicti and Onapsis aren’t in the same category and serve different purposes. Invicti is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 8.5%, up 6.9% compared to last year.
Onapsis, on the other hand, focuses on Application Security Tools, holds 0.9% mindshare, up 0.2% since last year.
Dynamic Application Security Testing (DAST) Mindshare Distribution
ProductMindshare (%)
Invicti8.5%
Veracode15.7%
Checkmarx One15.0%
Other60.8%
Dynamic Application Security Testing (DAST)
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Onapsis0.9%
SonarQube13.6%
Checkmarx One8.8%
Other76.7%
Application Security Tools
 

Featured Reviews

Valavan Sivgalingam - PeerSpot reviewer
Valavan Sivgalingam
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Read full review
it_user19113 - PeerSpot reviewer
it_user19113
SAP Security Consulting Engineer at a computer software company with 10,001+ employees
It checks for and reports vulnerabilities on all SAP systems at the OS, DB and SAP levels.
I really love how Onapsis X1 is able to check SAP for threats; the reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience. Currently, it takes some background jobs and additional work to get them published. It was difficult to get interactive reports to the different levels of the business. I would have to download them and send them out, or save them on my SharePoint site and send out a weekly link. In the version of the product I was usingת I had to log into the X1 system directly to get to the reports. Reporting would be used by several different areas of the organizationת many of whom would be at the director and executive levels. It would not make sense to have them log directly into the tool to look at these reports. Add to this that there was only one ID that could be used to log in and view the reports. To solve this problemת I had to run all of the different reports; executive summary down to detailed analysis and then export them out to my security team SharePoint site. To automate this processת a batch script was created to run after the X1 analyzed the systems. The script would pull the reports and place them in the SharePoint site automatically, but it was a bit of a hassle to get set up.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"High level of accuracy and quick scanning."
"OWASP Zap is free and it has live updates, so that's a big plus."
"Technical support is very professional, 10/10."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
More Invicti pros
"It has hardened our SAP system by providing details of vulnerabilities in our SAP landscape."
 

Cons

"The scannings are not sufficiently updated."
"They could enhance the support for data swap testing for the platform."
"I think that it freezes without any specific reason at times."
"The support's response time could be faster since we are in different time zones."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"When scanning a large web-based application, it tends to process slow and takes a long time especially on crawling and attacking part."
"Right now, they are missing the static application security part, especially web application security."
"The scanner itself should be improved because it is a little bit slow."
More Invicti cons
"Reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience."
 

Pricing and Cost Advice

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"We never had any issues with the licensing; the price was within our assigned limits."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"The price should be 20% lower"
"OWASP Zap is free and it has live updates, so that's a big plus."
"It is competitive in the security market."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
More Invicti pricing and cost advice
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
See recommendations
893,164 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
7%
Government
6%
Energy/Utilities Company
16%
University
13%
Construction Company
11%
Outsourcing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...
See all answers
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...
See all answers
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Veracode vs Invicti Logo
Veracode vs Invicti
Compared 9% of the time
Acunetix vs Invicti Logo
Acunetix vs Invicti
Compared 8% of the time
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
Compared 5% of the time
SonarQube vs Invicti Logo
SonarQube vs Invicti
Compared 5% of the time
Snyk vs Invicti Logo
Snyk vs Invicti
Compared 4% of the time
More Invicti Competitors
SonarQube vs Onapsis Logo
SonarQube vs Onapsis
Compared 14% of the time
ERPScan SMART Cybersecurity Platform vs Onapsis Logo
ERPScan SMART Cybersecurity Platform vs Onapsis
Compared 13% of the time
Nullify vs Onapsis Logo
Nullify vs Onapsis
Compared 12% of the time
Qualys Web Application Scanning vs Onapsis Logo
Qualys Web Application Scanning vs Onapsis
Compared 8% of the time
Klocwork vs Onapsis Logo
Klocwork vs Onapsis
Compared 6% of the time
More Onapsis Competitors
 

Product Reports

Buyer's Guide
Invicti
April 2026
Invicti reportDownload Invicti product report
Buyer's Guide
Application Security Tools
April 2026
Onapsis reportDownload Onapsis product report
 

Also Known As

Netsparker
No data available
 

Overview

Invicti offers advanced web application security testing focused on identifying vulnerabilities like SQL injection and cross-site scripting. Its Proof-Based Scanning minimizes false positives and integrates seamlessly with CI/CD pipelines, making it an effective tool for enterprise environments.

Invicti provides comprehensive scanning capabilities that include detecting and verifying critical vulnerabilities and security data consolidation. Its scalable scanning engine and robust API support allow for flexible testing across diverse environments, including web and API testing. Despite some drawbacks like limited single sign-on integration and slow scanning speeds for large applications, Invicti remains a popular choice for automating security assessments, ensuring compliance with standards like OWASP Top 10, PCI DSS, and GDPR.

What are the key features of Invicti?
  • Comprehensive Vulnerability Scanning: Detects vulnerabilities like SQL injection and XSS.
  • Proof-Based Scanning: Confirms exploitability and reduces false positives.
  • CI/CD Integration: Seamlessly integrates with development pipelines.
  • Security Data Consolidation: Centralizes data for better insights.
  • User-Friendly Interface: Facilitates easy analysis and reporting.
  • Scalable Scanning Engine: Supports testing in enterprise environments.
  • Robust API Support: Enhances flexibility in testing.
What benefits and ROI should users look for in reviews?
  • Proactive Security: Actively identifies and verifies vulnerabilities to prevent breaches.
  • Regulatory Compliance: Helps maintain compliance with standards like PCI DSS and GDPR.
  • Efficient Vulnerability Management: Aids in prioritizing remediation efforts.
  • Integration Capabilities: Streamlines processes with CI/CD pipeline compatibility.

In industries like finance, healthcare, and e-commerce, Invicti is implemented to bolster security through automated vulnerability assessments. Its ability to provide insightful reports and remediation suggestions assists companies in efficiently managing security risks and achieving compliance with critical regulatory standards.

Invicti

Onapsis provides cybersecurity and compliance solutions for critical business applications. It focuses on enhancing security by detecting vulnerabilities and ensuring compliance with industry regulations.

Organizations increasingly rely on Onapsis to protect their business applications from potential threats. Designed to detect and mitigate threats in real-time, it ensures business continuity by integrating with existing security frameworks. Its platform offers robust insights into vulnerabilities, enabling proactive response and management of security policies tailored to enterprise needs.

What are the key features of Onapsis?
  • Vulnerability Management: Identifies and reports critical risks within business applications.
  • Compliance Automation: Ensures adherence to regulatory standards.
  • Real-time Threat Monitoring: Provides continuous surveillance for immediate response.
  • Integration Capabilities: Seamlessly works with existing IT infrastructure.
What benefits and ROI should you expect?
  • Improved Security Posture: Enhanced protection for critical assets reduces risks.
  • Operational Efficiency: Streamlined processes lead to better resource allocation.
  • Risk Mitigation: Proactive threat identification prevents potential breaches.
  • Regulatory Compliance: Automated compliance reduces audit preparation time and costs.

Onapsis is implemented across industries like finance, healthcare, and manufacturing to secure ERP systems. Its role in protecting core business applications aligns with the industry-specific needs of securing sensitive data and maintaining compliance with sector regulations.

Onapsis
 

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank
Sony, US Army, Westinghouse, AXA. Galicia, Daimler, Roche, Levi's, Siemens, ABB, KPMG, Mercardo Libre, Verizon, Bacardi, Adgas, Sicpa, Whirlpool, Leaseplan
Buyer's Guide
Dynamic Application Security Testing (DAST)
May 2026
Download Free Report
Find out what your peers are saying about Veracode, Checkmarx, OpenText and others in Dynamic Application Security Testing (DAST). Updated: May 2026.
DOWNLOAD NOW
893,164 professionals have used our research since 2012.

We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.