Invicti vs PortSwigger Burp Suite Enterprise Edition comparison

"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."

"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."

"The solution generates reports automatically and quickly."

"The most valuable feature of Invicti is getting baseline scanning and incremental scan."

"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."

"Its ability to crawl a web application is quite different than another similar scanner."

"Netsparker provides a more interactive interface that is more appealing."

"The scanner and the result generator are valuable features for us."

"The initial setup is straightforward."

"This tool helps identify vulnerabilities. We then provide the report to the developers, who address the issues identified automatically. Its most valuable feature is CI/CD integration."

"The product's initial setup phase was super easy."

"Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition."

"The solution's extensions really expand the capabilities and features offered by the installation."

"We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."

"The most valuable part of it was probably the ability to intercept and modify calls."

"The tool is loaded with many features that give us ROI."

"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

"I think that it freezes without any specific reason at times. This needs to be looked into."

"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."

"The scanner itself should be improved because it is a little bit slow."

"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."

"Maybe the ability to make a good reporting format is needed."

"The support's response time could be faster since we are in different time zones."

"The scannings are not sufficiently updated."

"Scalability could be better."

"It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively."

"The cost per license per user could be cheaper, specifically for individual licensing."

"The stability of the scans could be improved."

"It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively."

"There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings."

"There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."

"PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers."

"OWASP Zap is free and it has live updates, so that's a big plus."

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"We never had any issues with the licensing; the price was within our assigned limits."

"It is competitive in the security market."

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"The price should be 20% lower"

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions."

"For Professional, it's about $400 per year."

"The tool's pricing is reasonable and costs around 400 dollars per year."

"PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies."

"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."