Buyer's Guide
Invicti vs. OWASP Zap
May 2022
Find out what your peers are saying about Invicti vs. OWASP Zap and other solutions. Updated: May 2022.
598,116 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
Invicti:
  • "It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
  • "The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
  • "I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
  • "The solution generates reports automatically and quickly."
  • "This tool is really fast and the information that they provide on vulnerabilities is pretty good."

OWASP Zap:
  • "The interface is easy to use."
  • "Automatic scanning is a valuable feature and very easy to use."
  • "Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
  • "The solution is good at reporting the vulnerabilities of the application."
  • "The solution is scalable."
  • "It updates repositories and libraries quickly."
  • "They offer free access to some other tools."
  • "The stability of the solution is very good."

Cons
Invicti:
  • "Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
  • "They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
  • "Right now, they are missing the static application security part, especially web application security."
  • "The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
  • "The scannings are not sufficiently updated."

OWASP Zap:
  • "It would be a great improvement if they could include a marketplace to add extra features to the tool."
  • "It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
  • "Too many false positives; test reports could be improved."
  • "Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
  • "The documentation needs to be improved because I had to learn everything from watching YouTube videos."
  • "Reporting format has no output, is cluttered and very long."
  • "The solution is unable to customize reports."
  • "The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."

Pricing and Cost Advice
Invicti:
  • "Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

OWASP Zap:
  • "This is an open-source solution and can be used free of charge."
  • "This solution is open source and free."
  • "We have used the freeware version. I believe Zap only has freeware."

    Questions from the Community

    • Top Answer: It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms.

    • Top Answer: Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather…

    • Top Answer: OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with…

    • Top Answer: Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is…

    • Top Answer: We have used the freeware version. I believe Zap only has freeware.
    Ranking

    • Invicti: 4,819 views; 3,482 comparisons; 6 reviews; 421 average words per review; rating 7.8

    • OWASP Zap: 30,259 views; 19,274 comparisons; 11 reviews; 463 average words per review; rating 6.9
    Also Known As

    • Invicti: Mavituna Netsparker
    Overview

    Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead accurate Proof-Based scanning technology does not just report vulnerabilities, it also produces a Proof of Concept to confirm they are not false positives, freeing you from having to double check the identified vulnerabilities.

    OWASP ZAP (Zed Attack Proxy) is a free, open-source web application security scanner that enables software developers and testers to perform penetration testing on their applications to discover vulnerabilities and prevent hostile attacks. To date, it is one of the most searched Open Web Application Security Project (OWASP) projects, and an international group of volunteers is maintaining it. This tool is both flexible and extensible and is intended to be used by users who are new to application security as well as expert testers. For the users' convenience, OWASP ZAP has versions for each major OS and Docker platform so as not to rely on any single OS.

    OWASP ZAP focuses on being the “middle man proxy,” as it is positioned between the user’s browser and the web application. In doing so, it will intercept and examine messages that are sent between a browser and a web application. If needed, it will adjust the contents and pass those packets on to their destination. As is the case in many corporate settings, if there is already another network proxy in use, ZAP can be configured to join that proxy. A variety of add-ons for further functionality is available on ZAP Marketplace.

    OWASP ZAP offers a range of security automation options, including:

    • Docker Packaged Scans: A ZAP automation scanner that provides a lot of flexibility and makes it easy for the user to get started with the tool.

    • Quick Start Command Line: A rapid and straightforward scanner that is suitable for a quick scan.

    • API and Daemon Mode: Through a comprehensive API, this mode gives the user complete control over ZAP.

    • Automation Framework: A state-of-the-art framework that is not tied to any current container technology. This framework will, in time, take over the Command Line and the Package Scan options.

    • GitHub Actions: The ability to use any associated and available GitHub package scan.

    Benefits of OWASP ZAP

    Some of OWASP ZAP’s benefits include:

    • The ability to run an automated scan. Once set up, ZAP will deploy two spiders to crawl the web application and subsequently scan each page it finds.

    • It interprets your results and sends an automated alert. After scanning the web application, all requests and responses sent to each page are recorded. If there is a potential problem, an alert is created and sent to the user.

    • An intuitive and innovative interface. The Heads Up Display (HUD) is a new feature that provides capabilities right in the browser. It is great for people new to web security and experienced testers alike.

    Reviews from Real Users

    OWASP ZAP stands out among its competitors for a number of reasons. Among them are the solution’s automatic scanning feature, its ease of use, its ability to report vulnerabilities, and its being a free open-source solution.

    PeerSpot user Piyush S., Technical Specialist (DevOps), notes that "Automatic scanning is a valuable feature and very easy to use. The initial setup is straightforward. The solution is free due to the fact that it is open-source. The product has a strong community surrounding it to help with issues and troubleshooting. The stability of the solution is very good."

    Raj K., Business Analyst at Experion Technologies, notes, “The valuable features are that it's very simple to use and the user interface is very good, particularly for beginners so they can start the application easily. It's enough to refer to an online tutorial to be able to start using this application. It's not very complex.”

    Balaji S., Assistant Vice President at Hexaware Technologies Limited, writes, “The solution is good at reporting the vulnerabilities of the application. It can help us with security, SQL injection vulnerability, known vulnerabilities, et cetera. Any kind of a threat that we get in the development cycle, is what we will look for. This solution helps us find them.”

    Many users like how the solution has improved over the years. As Alan G., CEO at Virtual Security International, notes, "It has evolved over the years, and recently in the last year they have added HUD (Heads Up Display)."

    Sample Customers

    • Invicti: Samsung, The Walt Disney Company, T-Systems, ING Bank

    • OWASP Zap: Information Not Available
    Top Industries

    • Invicti, reviewers: Computer Software Company 29%; Aerospace/Defense Firm 14%; Real Estate/Law Firm 14%; Insurance Company 14%

    • Invicti, visitors reading reviews: Computer Software Company 30%; Comms Service Provider 20%; Financial Services Firm 7%; Government 6%

    • OWASP Zap, reviewers: Computer Software Company 33%; Financial Services Firm 17%; Retailer 8%; Manufacturing Company 8%

    • OWASP Zap, visitors reading reviews: Computer Software Company 28%; Comms Service Provider 27%; Government 6%; Financial Services Firm 6%
    Company Size

    • Reviewers: Small Business 53%; Midsize Enterprise 6%; Large Enterprise 41%

    • Reviewers: Small Business 17%; Midsize Enterprise 30%; Large Enterprise 52%

    • Visitors reading reviews: Small Business 19%; Midsize Enterprise 26%; Large Enterprise 55%

    Invicti is ranked 12th in Application Security Testing (AST) with 5 reviews while OWASP Zap is ranked 6th in Application Security Testing (AST) with 10 reviews. Invicti is rated 7.8, while OWASP Zap is rated 7.0. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". Invicti is most compared with Acunetix, PortSwigger Burp Suite Professional, HCL AppScan, Fortify WebInspect and Veracode, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix, Qualys Web Application Scanning and Checkmarx. See our Invicti vs. OWASP Zap report.


    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.