Try our new research platform with insights from 80,000+ expert users

Invicti vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Invicti
Ranking in Static Application Security Testing (SAST)
14th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
29
Ranking in other categories
API Security (6th), Dynamic Application Security Testing (DAST) (4th)
Qualys Web Application Scan...
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
38
Ranking in other categories
Application Security Tools (13th)
 

Mindshare comparison

As of July 2025, in the Static Application Security Testing (SAST) category, the mindshare of Invicti is 1.5%, up from 1.1% compared to the previous year. The mindshare of Qualys Web Application Scanning is 2.1%, down from 2.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Kunal M - PeerSpot reviewer
Proactive scanning measures and realistic audit recommendations enhance development focus
Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.
Kelvin Oladipo - PeerSpot reviewer
User-friendly scanning provides valuable vulnerability insights, but pricing improvements are needed
Qualys Web Application Scanning ( /products/qualys-web-application-scanning-reviews ) is user-friendly, easy to understand, easy to use, and easy to deploy. Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities. The product helps by providing options for remediating vulnerabilities it finds, making it really useful.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"It is a very stable solution."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"Qualys Web Application Scanning is accurate and provides minimal false positives."
"Qualys Web Application Scanning is robust and mature from industry standards."
"The vulnerability management feature is a strong one. And also the patch management feature."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
 

Cons

"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"Netsparker doesn't provide the source code of the static application security testing."
"They could enhance the support for data swap testing for the platform."
"Right now, they are missing the static application security part, especially web application security."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"The scannings are not sufficiently updated."
"Invicti's reporting capabilities need enhancement."
"The scanner itself should be improved because it is a little bit slow."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"There should be better visibility into the application."
"The solution needs to adjust its pricing. They should make it more affordable."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The software’s pricing could be improved."
"Deployment can be complicated."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"We have many websites. We don't force scanning on all of them at once because it's taking some time."
 

Pricing and Cost Advice

"OWASP Zap is free and it has live updates, so that's a big plus."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"The price should be 20% lower"
"It is competitive in the security market."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"From my perspective, it is a budget-friendly option."
"The product is expensive, at least initially, in comparison to other products in this category."
"Try the free trial of the product to understand the basic working mechanisms.​"
"Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."
"We normally purchase an annual license."
"Qualys WAS' pricing is competitive."
"The product has a very good licensing model."
"It is an expensive platform."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
860,825 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
19%
Financial Services Firm
15%
Computer Software Company
12%
Manufacturing Company
8%
Computer Software Company
15%
Financial Services Firm
14%
Manufacturing Company
10%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerab...
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus ( /products/tenable-nessus-reviews ). After using the product for a year, I might have more s...
 

Also Known As

Netsparker
Qualys WAS
 

Overview

 

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Invicti vs. Qualys Web Application Scanning and other solutions. Updated: July 2025.
860,825 professionals have used our research since 2012.