We performed a comparison between Invicti and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"One of the features I like about this program is the low number of false positives and the support it offers."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"High level of accuracy and quick scanning."
"The scanner is light on the network and does not impact the network when scans are running."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"The solution generates reports automatically and quickly."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"The automation of Veracode is great because we no longer have to run manual testing."
"Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability."
"It provides security of different Shadow IT activities in our environment, especially around application development and website hosting."
"What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire portfolio of applications I have in this program, and I can report out on it."
"The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing."
"The capability to identify vulnerable code is the most valuable feature of Veracode."
"The scanner itself should be improved because it is a little bit slow."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The custom attack preparation screen might be improved."
"The solution needs to make a more specific report."
"Netsparker doesn't provide the source code of the static application security testing."
"The support's response time could be faster since we are in different time zones."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"We would like the consolidation of all the different modules. This would help, so then we would be able to see analytics and results on one screen, like a single pane of glass."
"I haven't heard about any problems so far. However, it would be great if Veracode automatically packaged stuff up for you."
"The security labs integration has room for improvement."
"The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it."
"Veracode should make it easier to navigate between the solutions that they offer, i.e. between dynamic, static, and the source code analysis."
"There are few languages that take time for scanning. It covers the majority of languages from C to Scala, but it doesn't support certain languages and the newer versions of certain languages. For example, it doesn't support SAP and new JavaScript frameworks such as Node.js and React JS. They can include support for these. If you go to their website, you can see the list of languages that are currently supported. The false-positive rates are also something they can work on."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"One concern is that scans take a long time to run. We scan at the end of the day because we know it will take a lot of time. We leave it to run and the report will be generated by the next day when we arrive. The scanning time could be reduced."
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
Invicti is ranked 20th in Application Security Tools with 25 reviews while Veracode is ranked 2nd in Application Security Tools with 186 reviews. Invicti is rated 8.2, while Veracode is rated 8.2. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx, Snyk, Fortify on Demand and OWASP Zap. See our Invicti vs. Veracode report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.