Invicti vs OpenText Dynamic Application Security Testing comparison

Invicti and OpenText are both solutions in the Dynamic Application Security Testing (DAST) category. Invicti is ranked #4 with an average rating of 8.5, while OpenText is ranked #3 with an average rating of 8.0. Invicti holds a 8.5% mindshare in DAST, compared to OpenText’s 11.6% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 83% of OpenText users who would recommend it.

Invicti

Read 31 Invicti reviews

5,734 Views
1,491 Comparison Views

96% willing to recommend

OpenText Dynamic Applicatio...

Read 22 OpenText Dynamic Application Security Testing reviews

5,274 Views
2,110 Comparison Views

83% willing to recommend

Invicti

OpenText Dynamic Applicatio...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Mar 29, 2026

Invicti and OpenText Dynamic Application Security Testing are competing products in the field of application security testing. Invicti shows an edge due to its ease of implementation and customer-driven adjustments, while OpenText DAST is a strong contender with its comprehensive security features.

Features: Invicti is known for its automated testing, accurate vulnerability detection, and integration with various development environments. OpenText DAST offers robust testing tools, enhanced reporting capabilities, and assesses a wide range of applications efficiently.

Room for Improvement: Invicti could enhance its performance speed and reduce scan times, improve documentation, and expand some of its test scenarios. OpenText DAST could work on simplifying its setup process, improving its user interface, and enhancing integration capabilities with third-party applications.

Ease of Deployment and Customer Service: Invicti provides a straightforward deployment model and is praised for proactive customer service. OpenText DAST requires a more complex setup but offers in-depth support and extensive resources.

Pricing and ROI: Invicti is valued for cost-effectiveness, offering a quick return on investment with less initial cost. OpenText DAST involves a higher initial investment but provides extensive ROI over time for thorough security assessments.

To learn more, read our detailed Invicti vs. OpenText Dynamic Application Security Testing Report (Updated: April 2026).

Buyer's Guide

Invicti vs. OpenText Dynamic Application Security Testing

April 2026

Download the complete report

Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Invicti

Ranking in Dynamic Application Security Testing (DAST)

4th

Average Rating

8.2

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (10th), Container Security (25th), Software Composition Analysis (SCA) (8th), API Security (9th), Application Security Posture Management (ASPM) (6th)

OpenText Dynamic Applicatio...

Ranking in Dynamic Application Security Testing (DAST)

3rd

Average Rating

7.2

Reviews Sentiment

6.1

Number of Reviews

Ranking in other categories

DevSecOps (8th)

Mindshare comparison

As of June 2026, in the Dynamic Application Security Testing (DAST) category, the mindshare of Invicti is 8.5%, up from 6.7% compared to the previous year. The mindshare of OpenText Dynamic Application Security Testing is 11.6%, up from 10.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST) Mindshare Distribution
Product	Mindshare (%)
OpenText Dynamic Application Security Testing	11.6%
Invicti	8.5%
Other	79.9%

Dynamic Application Security Testing (DAST)

Featured Reviews

PrashantUppuluri

Solution Architect at a tech services company with 51-200 employees

Automated scanning has strengthened web application security and supports hybrid protection

A good scanning engine is what I appreciate about Invicti. When you want to find out the vulnerabilities within your web applications, Invicti has done a thorough job with respect to filtering out the vulnerabilities and identifying the risk factors with respect to the security modules within the solution. Invicti does have a segment of the solution which works on the automated scanning engine. As long as the license is active, the scanners that work within the solution are pretty effective. With respect to SAST and DAST, being a real-time scanning engine is one of the portfolios and one of the selling factors of the solution. Invicti is known to be a solution that works within the hybrid environment, be it cloud, on-premises, or a mix and match across multiple marketplaces. It does a thorough job. Most importantly, Invicti is a very good SAST and DAST solution that is very competitive in the market with respect to competitors. Invicti is a part of the Magic Quadrant with respect to Gartner's Magic Quadrant and has made a very good customer database and pipeline within the marketplace locally. With respect to security impacts in terms of support, Invicti is pretty much supportive. With respect to use cases or the POCs I have run on the solution, we have identified a couple of vulnerabilities and Invicti was able to trace them, detect, and quarantine the attacks.

Read full review

ArnabPaul

Cyber Security Consultant at a tech vendor with 10,001+ employees

Enhancements in manual testing align with reporting and integration features

WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applications, where it requires approximately 20-24 hours to crawl and audit but produces minimal findings, necessitating manual verification. The solution offers customization features for crawling and vulnerability detection. It includes various security frameworks and allows selection of specific vulnerability types to audit, such as OWASP Top 10 or JavaScript-based vulnerabilities. When working with APIs, we can select OWASP API Top 10. The tool also supports custom audit features by combining different security frameworks. For on-premises deployment, the setup is complex, particularly regarding SQL server configuration. Unlike Burp Suite or OpenText Dynamic Application Security Testing, which have simpler setup processes, WebInspect requires SQL server setup to function.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."

"The solution generates reports automatically and quickly and it's a very user-friendly product."

"Netsparker offers some pretty features: Crawling feature: Netsparker has very detail crawling steps and mechanisms, this feature expands the attack surface, Attacking feature: Actually, attacking is not a solo feature, it contains many attack engines, Hawk, and many properties, but Netsparker's attacking mechanism is very flexible, this increases the vulnerability detection rate, also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing, it's very valuable for a vulnerability scanner, and a very useful API for automating the scans."

"Netsparker provides a more interactive interface that is more appealing."

"Technical support is very professional, 10/10."

"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."

"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."

"I'd recommend Netsparker for anyone who wants to make a security assessment for web applications."

More Invicti pros

"The product is a good option for enterprise-level organizations."

"The most valuable feature of this solution is the ability to make our customers more secure."

"The FPA and Audit Workbench are very helpful for me, and when we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities, with very detailed examples for each vulnerability, so it is very good for users and beginners and doesn't take a lot of time to understand the tool."

"The most valuable feature is the static analysis."

"It is a good product, comparable to AppScan, quite scalable, and offers good cost/value with the support and backing from Micro Focus."

"The solution is able to detect a wide range of vulnerabilities and is better at it than other products."

"The solution is easy to use."

"It is scalable and very easy to use."

More OpenText Dynamic Application Security Testing pros

Cons

"Speed: It spends about one hour on scanning; I would like it to be less than 30 minutes."

"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."

"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."

"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."

"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."

"I find that the scannings are not sufficiently updated."

"I think that it freezes without any specific reason at times. This needs to be looked into."

"Perhaps the custom attack preparation screen might be improved."

More Invicti cons

"My advice to others using Fortify WebInspect is not to use it, there are better solutions in the market."

"We have often encountered scanning errors."

"The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate."

"The first time we ran the module, it was okay, however, the next time we ran it, it almost crashed."

"The solution is on the expensive side. It's something that clients comment on."

"A localized version, for example, in Korean would be a big improvement to this solution."

"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."

"Creating reports is very slow and it is something that should be improved."

More OpenText Dynamic Application Security Testing cons

Pricing and Cost Advice

"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"OWASP Zap is free and it has live updates, so that's a big plus."

"It is competitive in the security market."

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"The price should be 20% lower"

"We never had any issues with the licensing; the price was within our assigned limits."

More Invicti pricing and cost advice

"Our licensing is such that you can only run one scan at a time, which is inconvenient."

"The price is okay."

"It’s a fair price for the solution."

"The pricing is not clear and while it is not high, it is difficult to understand."

"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."

"Fortify WebInspect is a very expensive product."

"This solution is very expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.

See recommendations

900,747 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

16%

Manufacturing Company

10%

Computer Software Company

Construction Company

Financial Services Firm

12%

Government

12%

Manufacturing Company

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	14
Midsize Enterprise	4
Large Enterprise	13

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	1
Large Enterprise	15

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...

See all answers

What needs improvement with Invicti?

At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...

See all answers

What is your primary use case for Invicti?

I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...

See all answers

What is your experience regarding pricing and costs for Fortify WebInspect?

While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs between $15,000 to $19,000. In comparison, Burp Suite costs approximately $500 to ...

See all answers

What needs improvement with Fortify WebInspect?

See all answers

What is your primary use case for Fortify WebInspect?

I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect fo...

See all answers

Comparisons

Veracode vs Invicti

Compared 8% of the time

Acunetix vs Invicti

Compared 7% of the time

SonarQube vs Invicti

Compared 5% of the time

Checkmarx One vs Invicti

Compared 4% of the time

Snyk vs Invicti

Compared 4% of the time

More Invicti Competitors

PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing

Compared 29% of the time

Checkmarx One vs OpenText Dynamic Application Security Testing

Compared 6% of the time

Acunetix vs OpenText Dynamic Application Security Testing

Compared 6% of the time

Veracode vs OpenText Dynamic Application Security Testing

Compared 5% of the time

Check Point CloudGuard Code Security vs OpenText Dynamic Application Security Testing

Compared 5% of the time

More OpenText Dynamic Application Security Testing Competitors

Product Reports

Buyer's Guide

Invicti

June 2026

Download Invicti product report

Buyer's Guide

OpenText Dynamic Application Security Testing

June 2026

OpenText Dynamic Application Security Testing report

Download OpenText Dynamic Application Security Testing product report

Also Known As

Netsparker

Micro Focus WebInspect, WebInspect

Overview

Invicti offers advanced web application security testing focused on identifying vulnerabilities like SQL injection and cross-site scripting. Its Proof-Based Scanning minimizes false positives and integrates seamlessly with CI/CD pipelines, making it an effective tool for enterprise environments.

Invicti provides comprehensive scanning capabilities that include detecting and verifying critical vulnerabilities and security data consolidation. Its scalable scanning engine and robust API support allow for flexible testing across diverse environments, including web and API testing. Despite some drawbacks like limited single sign-on integration and slow scanning speeds for large applications, Invicti remains a popular choice for automating security assessments, ensuring compliance with standards like OWASP Top 10, PCI DSS, and GDPR.

What are the key features of Invicti?

Comprehensive Vulnerability Scanning: Detects vulnerabilities like SQL injection and XSS.
Proof-Based Scanning: Confirms exploitability and reduces false positives.
CI/CD Integration: Seamlessly integrates with development pipelines.
Security Data Consolidation: Centralizes data for better insights.
User-Friendly Interface: Facilitates easy analysis and reporting.
Scalable Scanning Engine: Supports testing in enterprise environments.
Robust API Support: Enhances flexibility in testing.

What benefits and ROI should users look for in reviews?

Proactive Security: Actively identifies and verifies vulnerabilities to prevent breaches.
Regulatory Compliance: Helps maintain compliance with standards like PCI DSS and GDPR.
Efficient Vulnerability Management: Aids in prioritizing remediation efforts.
Integration Capabilities: Streamlines processes with CI/CD pipeline compatibility.

In industries like finance, healthcare, and e-commerce, Invicti is implemented to bolster security through automated vulnerability assessments. Its ability to provide insightful reports and remediation suggestions assists companies in efficiently managing security risks and achieving compliance with critical regulatory standards.

Invicti

OpenText Dynamic Application Security Testing offers robust scalability, ease of use, and high accuracy in scanning, making it a valuable tool for enterprises.

This security testing platform is known for its centralized dashboard, guided scans, and comprehensive reporting. It integrates seamlessly with tools like Fortify code scanner and supports extensive vulnerability detection and analysis, enhancing efficiency in security management. Despite its strengths, users suggest improvements in cloud integration, cost-effectiveness, and installation processes. Faster scans, reduced false positives, and improved mobile testing features are also desired.

What are the key features of OpenText Dynamic Application Security Testing?

Scalability: Easily adapts to changing enterprise needs.
Ease of Use: User-friendly interface with guided scans.
Comprehensive Reporting: Detailed vulnerability analysis and reporting.
Integration Capabilities: Works with Fortify code scanner and user authentication scanning.
Wide Vulnerability Detection: Identifies extensive security vulnerabilities.

What benefits should users expect from reviews?

Efficient Vulnerability Management: Streamlines security management in development environments.
Detailed Analysis: Provides in-depth insights into security issues.
Quick Setup: Easy to deploy within existing systems.
Enterprise Preference: Supports enterprise environments efficiently.

In industries like BFSI, OpenText Dynamic Application Security Testing is employed for performance network application testing, dynamic and static application security testing, and code checks. Security and QA teams use it in development processes to ensure application security prior to release, proving integral in both enterprise and testing environments.

OpenText

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Aaron's

Buyer's Guide

Invicti vs. OpenText Dynamic Application Security Testing

April 2026

Free Report: Invicti vs. OpenText Dynamic Application Security Testing

Find out what your peers are saying about Invicti vs. OpenText Dynamic Application Security Testing and other solutions. Updated: April 2026.

DOWNLOAD NOW

900,747 professionals have used our research since 2012.

See our Invicti vs. OpenText Dynamic Application Security Testing report.

See our list of best Dynamic Application Security Testing (DAST) vendors.

We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.