Invicti vs Software Risk Manager ASPM comparison

Invicti and Black Duck are both solutions in the Application Security Posture Management (ASPM) category. Invicti is ranked #5 with an average rating of 8.5, while Black Duck is ranked #14. Invicti holds a 3.7% mindshare in ASPM, compared to Black Duck’s 3.8% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Mar 22, 2026

Invicti and Software Risk Manager ASPM are notable competitors in the application security sector. Invicti holds an advantage in customer service and pricing, while Software Risk Manager ASPM attracts tech buyers with its superior feature set.

Features: Invicti offers robust automated scanning, integration with multiple development tools, and efficient security testing, streamlining the security process. Software Risk Manager ASPM provides comprehensive vulnerability management, advanced threat detection, and in-depth security analysis, making it suitable for organizations focusing on thorough security measures.

Ease of Deployment and Customer Service: Invicti provides a straightforward deployment process and has accessible customer support, making it ideal for teams seeking a smooth implementation. Software Risk Manager ASPM's extensive features result in a more complex deployment process, but reliable support is still available for organizations requiring robust security functionalities.

Pricing and ROI: Invicti offers a competitive setup cost, focusing on quick ROI through efficient security testing, appealing to cost-conscious buyers. Software Risk Manager ASPM may involve higher initial costs, yet its comprehensive feature set offers substantial value, promising a strong ROI for those prioritizing detailed application security.

To learn more, read our detailed Application Security Posture Management (ASPM) Report (Updated: March 2026).

Buyer's Guide

Application Security Posture Management (ASPM)

March 2026

Download the complete report

Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex Cloud by Palo Alto N...

Mindshare comparison

As of March 2026, in the Application Security Posture Management (ASPM) category, the mindshare of Cortex Cloud by Palo Alto Networks is 1.8%. The mindshare of Invicti is 3.7%, up from 2.4% compared to the previous year. The mindshare of Software Risk Manager ASPM is 3.8%, up from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Posture Management (ASPM) Mindshare Distribution
Product	Mindshare (%)
Invicti	3.7%
Cortex Cloud by Palo Alto Networks	1.8%
Software Risk Manager ASPM	3.8%
Other	90.7%

Application Security Posture Management (ASPM)

Featured Reviews

Sonali Jha

Technical Solutions Architect at IBM

Cloud security has improved as AI-driven runtime protection detects threats and reduces incidents

In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea about that yet because for that you actually need to use two or three different other tools to make a basic comparison. If you ask me how good the tool is, I would fairly rate it quite high. The tool is very popular, and customers can already see that it is one of the cloud leaders in the security space. The platform had a very good feature which provides documentation links about how to use a specific feature on the UI. It takes you to the proper documentation page where it suggests what to do and tells you about the steps that need to be done for a resource deployment. My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella. It has XDR, XSOAR, and Cortex Cloud by Palo Alto Networks. Before, we used to have separate modules and separate environments for each of these capabilities or features. Right now, it is a little complex and users would take their own time to know the tool better. This is something that would have been way better, but I would say there would be different opinions on this. Talking about user-friendliness, it has decreased now.

Read full review

Valavan Sivgalingam

Senior Manager, Security Engineering at ESS

Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations

It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.

Read full review

Saravanan_Radhakrishnan

Senior Manager at Happiest Minds Technologies

Facilitates continuous assessment of applications, covering both static and dynamic security aspects

Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most beneficial aspect of Cortex Cloud by Palo Alto Networks and Palo Alto in general is that there is a single platform for all cloud providers for securitization."

"Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten."

"Cortex Cloud by Palo Alto Networks' cloud runtime security in terms of stopping attacks in real time is impressive."

"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."

"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."

"The most valuable features I have found in Cortex Cloud by Palo Alto Networks are those that we provided to customers in a stock environment, as we have done some POCs and tried to check how it can help different organizations, and this same solution has been positioned for multiple customers."

"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."

"The capabilities of Cortex Cloud by Palo Alto Networks are valuable because it is the best product in the market."

More Cortex Cloud by Palo Alto Networks pros

"I would definitely recommend it to those who really want to know in-depth details of their applications/products regarding security."

"The solution generates reports automatically and quickly."

"Netsparker offers some pretty features: Crawling feature: Netsparker has very detail crawling steps and mechanisms, this feature expands the attack surface, Attacking feature: Actually, attacking is not a solo feature, it contains many attack engines, Hawk, and many properties, but Netsparker's attacking mechanism is very flexible, this increases the vulnerability detection rate, also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing, it's very valuable for a vulnerability scanner, and a very useful API for automating the scans."

"Technical support is very professional, 10/10."

"Its ability to crawl a web application is quite different than another similar scanner, and sometimes it can find more vulnerabilities that another scanner can’t."

"NetSparker is a very easy to use and understand product."

"Its ability to crawl a web application is quite different than another similar scanner."

"This tool is really fast and the information that they provide on vulnerabilities is pretty good."

More Invicti pros

"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."

Cons

"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."

"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."

"My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella."

"The negative aspects or areas for improvement in the product include the fact that the cost might be a bit high, which challenges commercials, but not technically."

"Cortex Cloud by Palo Alto Networks is not the cheapest solution in the market, but I know that is the best solution for SOC and Cloud once have all tools to connect cloud issues with SOC procedures, because we are partners with T-Systems."

"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."

"Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions."

"As per my experience with Cortex Cloud by Palo Alto Networks, the UI could be simpler."

More Cortex Cloud by Palo Alto Networks cons

"Maybe supported clients can be improved. It still does not search vulnerabilities in DB2 databases, for example."

"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."

"Maybe the ability to make a good reporting format is needed."

"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."

"Right now, they are missing the static application security part, especially web application security."

"I think that it freezes without any specific reason at times. This needs to be looked into."

"Speed: It spends about one hour on scanning; I would like it to be less than 30 minutes."

"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"

More Invicti cons

"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."

Pricing and Cost Advice

Information not available

"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."

"It is competitive in the security market."

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"We never had any issues with the licensing; the price was within our assigned limits."

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"OWASP Zap is free and it has live updates, so that's a big plus."

More Invicti pricing and cost advice

"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.

See recommendations

884,873 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

Manufacturing Company

Performing Arts

Computer Software Company

Financial Services Firm

15%

Manufacturing Company

Computer Software Company

Government

Financial Services Firm

18%

University

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	6
Midsize Enterprise	1
Large Enterprise	4

By reviewers
Company Size	Count
Small Business	14
Midsize Enterprise	4
Large Enterprise	13

No data available

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?

The solution is costly, with high-end capabilities suitable for enterprises. It is less affordable for startups or sm...

See all answers

What needs improvement with Cortex Cloud by Palo Alto Networks?

As per my experience with Cortex Cloud by Palo Alto Networks, the UI could be simpler. There are few features which a...

See all answers

What is your primary use case for Cortex Cloud by Palo Alto Networks?

My use case for Cortex Cloud by Palo Alto Networks is for CSPM, application security, and IAM. I use it for checking ...

See all answers

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150...

See all answers

What needs improvement with Invicti?

At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-t...

See all answers

What is your primary use case for Invicti?

I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with r...

See all answers

Ask a question

Earn 20 points

Comparisons

Wiz vs Cortex Cloud by Palo Alto Networks

Compared 16% of the time

Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks

Compared 15% of the time

SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks

Compared 9% of the time

Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks

Compared 6% of the time

WithSecure Elements Exposure Management (XM) vs Cortex Cloud by Palo Alto Networks

Compared 6% of the time

More Cortex Cloud by Palo Alto Networks Competitors

Acunetix vs Invicti

Compared 9% of the time

Veracode vs Invicti

Compared 8% of the time

SonarQube vs Invicti

Compared 6% of the time

OpenText Dynamic Application Security Testing vs Invicti

Compared 5% of the time

Rapid7 InsightAppSec vs Invicti

Compared 4% of the time

More Invicti Competitors

PortSwigger Burp Suite Professional vs Software Risk Manager ASPM

Compared 21% of the time

Polaris Platform vs Software Risk Manager ASPM

Compared 8% of the time

Veracode vs Software Risk Manager ASPM

Compared 7% of the time

Checkmarx One vs Software Risk Manager ASPM

Compared 7% of the time

Snyk vs Software Risk Manager ASPM

Compared 6% of the time

More Software Risk Manager ASPM Competitors

Product Reports

Buyer's Guide

Cortex Cloud by Palo Alto Networks

March 2026

Cortex Cloud by Palo Alto Networks report

Download Cortex Cloud by Palo Alto Networks product report

Buyer's Guide

Invicti

March 2026

Download Invicti product report

Buyer's Guide

Application Security Posture Management (ASPM)

March 2026

Download Software Risk Manager ASPM product report

Also Known As

No data available

Netsparker

Code Dx

Overview

Cortex Cloud by Palo Alto Networks provides comprehensive cybersecurity management, focusing on enhancing security operations with advanced automation and threat intelligence, addressing complex security challenges efficiently.

Cortex Cloud by Palo Alto Networks integrates cloud-scale data analytics and automation to streamline security operations, enabling faster threat detection and response. It leverages AI and machine learning to provide real-time threat intelligence and automate routine tasks, reducing the burden on security teams. Users benefit from improved visibility across networks and greater operational efficiency, making it crucial for enterprises aiming to secure their digital assets against evolving cyber threats.

What are the key features of Cortex Cloud by Palo Alto Networks?

Automated Threat Detection: Identifies and mitigates threats in real-time using AI algorithms.
Advanced Analytics: Provides in-depth data insights for proactive threat prevention.
Incident Management: Streamlines incident response with automated workflows.
Scalable Architecture: Offers flexibility to grow with organizational needs.

What benefits or ROI should you expect from Cortex Cloud by Palo Alto Networks reviews?

Increased Efficiency: Automation reduces manual efforts in threat management.
Enhanced Security Posture: Improved visibility leads to better threat preparedness.
Cost Savings: Minimizes expenses related to manual threat detection and response.
Scalability: Grows with the organization, reducing the need for constant upgrades.

Cortex Cloud by Palo Alto Networks is favored in sectors like finance, healthcare, and telecommunications, where data security is paramount. Its ability to integrate with existing infrastructure and provide real-time insights makes it a preferred choice for securing sensitive information and ensuring compliance within industry regulations.

Palo Alto Networks

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Black Duck

Sample Customers

Information Not Available

Samsung, The Walt Disney Company, T-Systems, ING Bank

Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".

Buyer's Guide

Application Security Posture Management (ASPM)

March 2026

Download Free Report

Find out what your peers are saying about Veracode, Snyk, Checkmarx and others in Application Security Posture Management (ASPM). Updated: March 2026.

DOWNLOAD NOW

884,873 professionals have used our research since 2012.

See our list of best Application Security Posture Management (ASPM) vendors, best Static Application Security Testing (SAST) vendors, and best Software Composition Analysis (SCA) vendors.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.