Invicti vs Wallarm NG WAF comparison

Invicti and Wallarm are both solutions in the API Security category. Invicti is ranked #9 with an average rating of 8.5, while Wallarm is ranked #13. Invicti holds a 2.7% mindshare in APIS, compared to Wallarm’s 3.9% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 100% of Wallarm users who would recommend it.

Invicti

Read 31 Invicti reviews

3,137 Views
220 Comparison Views

96% willing to recommend

Wallarm NG WAF

Read 5 Wallarm NG WAF reviews

741 Views
348 Comparison Views

100% willing to recommend

Invicti

Wallarm NG WAF

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Feb 4, 2025

Invicti and Wallarm NG WAF are competing products in cybersecurity. Wallarm NG WAF is perceived as having an advantage in features, making it a preferred choice for comprehensive protection.

Features: Invicti offers comprehensive scanning for vulnerabilities like SQL injection and cross-site scripting, proof-based scanning to reduce false positives, and robust integration with security tools. Wallarm NG WAF features AI-driven threat detection, real-time threat protection adaptable to evolving threats, and seamless integration with cloud environments for enhanced security.

Room for Improvement: Invicti could enhance its cloud environment integration, expand its AI threat detection capabilities, and offer more flexible deployment options. Wallarm NG WAF might benefit from improving its reporting functionalities, reducing complexity in user interface design, and minimizing the learning curve for new users.

Ease of Deployment and Customer Service: Invicti offers straightforward deployment suitable for various enterprise needs and is supported by responsive customer service. Wallarm NG WAF provides flexible deployment options across cloud, hybrid, and on-premises environments, with an emphasis on rapid technical support and comprehensive customer service.

Pricing and ROI: Invicti generally offers a competitive setup cost, appealing to budget-conscious buyers. Wallarm NG WAF may involve a higher initial investment but delivers substantial ROI with its advanced features, appealing to organizations prioritizing long-term security benefits.

To learn more, read our detailed Invicti vs. Wallarm NG WAF Report (Updated: December 2025).

Buyer's Guide

Invicti vs. Wallarm NG WAF

December 2025

Download the complete report

Helped 881,082 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Invicti

Ranking in API Security

9th

Average Rating

8.2

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (11th), Container Security (25th), Software Composition Analysis (SCA) (8th), Dynamic Application Security Testing (DAST) (5th), Application Security Posture Management (ASPM) (5th)

Wallarm NG WAF

Ranking in API Security

13th

Average Rating

8.6

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Web Application Firewall (WAF) (40th)

Mindshare comparison

As of January 2026, in the API Security category, the mindshare of Invicti is 2.7%, up from 2.2% compared to the previous year. The mindshare of Wallarm NG WAF is 3.9%, up from 3.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

API Security Market Share Distribution
Product	Market Share (%)
Invicti	2.7%
Wallarm NG WAF	3.9%
Other	93.4%

API Security

Featured Reviews

Valavan Sivgalingam

Senior Manager, Security Engineering at ESS

Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations

It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.

Read full review

it_user796242

Information Security Engineer at a tech vendor with 51-200 employees

Helps us to monitor attacks to our sites and prevents a lot of them

Set up Wallarm as a reverse proxy. Do not replace your web server. Use Wallarm first in monitoring mode, then learn from Wallarm which type of request is false positive and which type of request is not. This process takes a couple of weeks for very highly-loaded web applications (few millions of unique visitors in one month). Then you can turn Wallarm into blocking mode and everything will be fine. Do not forget to build a monitoring system, the wave, and API for it. Before we started using Wallarm, I already knew Ivan (CEO) and Stepan (COO) from a couple of years before. Ivan had his own security company and Stepan was working on a Russian security magazine called Xakep. They told us that they wanted to create a new WAF and already had a working version of it. They asked me to test it. We did tests, and it was really good. After few month after testing, we signed an agreement. Our choice was made not because we knew these guys for a long time, but because the product was really cool and we were glad to start using it as one of the first on the market!

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"One of the features I like about this program is the low number of false positives and the support it offers."

"Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment."

"The scanner and the result generator are valuable features for us."

"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."

"The solution generates reports automatically and quickly."

"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."

"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."

More Invicti pros

"Helps us to monitor situation in regards to attacks to our sites and prevents a lot of them."

Cons

"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"

"The scanning time, complexity, and authentication features of Invicti could be improved."

"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."

"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."

"The solution needs to make a more specific report."

"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."

"Invicti takes too long with big applications, and there are issues with the login portal."

"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

More Invicti cons

"The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine."

Pricing and Cost Advice

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"The price should be 20% lower"

"OWASP Zap is free and it has live updates, so that's a big plus."

"We never had any issues with the licensing; the price was within our assigned limits."

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"It is competitive in the security market."

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

More Invicti pricing and cost advice

"Pricing must be cheaper than the competition and the licensing must be good."

See which vendors are best for you

Use our free recommendation engine to learn which API Security solutions are best for your needs.

See recommendations

881,082 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

11%

Manufacturing Company

Government

Manufacturing Company

13%

Government

13%

Financial Services Firm

11%

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	14
Midsize Enterprise	4
Large Enterprise	13

No data available

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...

See all answers

What needs improvement with Invicti?

At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...

See all answers

What is your primary use case for Invicti?

I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...

See all answers

Ask a question

Earn 20 points

Comparisons

Acunetix vs Invicti

Compared 16% of the time

SonarQube vs Invicti

Compared 8% of the time

Veracode vs Invicti

Compared 7% of the time

OpenText Dynamic Application Security Testing vs Invicti

Compared 6% of the time

Rapid7 InsightAppSec vs Invicti

Compared 6% of the time

More Invicti Competitors

Akamai API Security vs Wallarm NG WAF

Compared 19% of the time

Cequence Security vs Wallarm NG WAF

Compared 13% of the time

Imperva Application Security Platform vs Wallarm NG WAF

Compared 12% of the time

Salt Security vs Wallarm NG WAF

Compared 10% of the time

Fastly vs Wallarm NG WAF

Compared 10% of the time

More Wallarm NG WAF Competitors

Product Reports

Buyer's Guide

Invicti

January 2026

Download Invicti product report

Buyer's Guide

Web Application Firewall (WAF)

January 2026

Download Wallarm NG WAF product report

Also Known As

Netsparker

Wallarm NG-WAF

Overview

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti

Wallarm NG WAF provides advanced security by integrating machine learning, making it essential for modern web applications. It offers protection against sophisticated threats and automates many processes.

Wallarm NG WAF leverages AI-driven technology to deliver robust security measures. It helps in defending web applications from cybersecurity threats with enhanced threat detection and response capabilities. Beyond vulnerability insights, Wallarm enhances security protocols, scales with growing online demands, and ensures comprehensive threat coverage, fostering a safer web environment.

What are the key features of Wallarm NG WAF?

AI-Powered Threat Detection: Identifies and mitigates sophisticated attacks efficiently.
Automated Security Updates: Continuously updates defense strategies without manual intervention.
Flexible Deployment: Easily integrates across cloud, on-premise, and hybrid setups.
Scalability: Adapts to growing traffic volumes with consistent protection.
Detailed Reporting: Provides comprehensive analytics on web security posture.

What benefits can users expect from Wallarm NG WAF?

Increased Security: Enhances threat detection and reduces vulnerabilities.
Operational Efficiency: Reduces manual intervention with automated tasks.
Cost-Effectiveness: Optimizes security expenditure by preventing potential breaches.
Time Savings: Automates repetitive actions, saving valuable time for IT teams.

In industries like finance, e-commerce, and healthcare, Wallarm NG WAF is implemented to ensure data protection and compliance with stringent security standards. Its adaptability allows it to meet industry-specific requirements, offering specialized configurations tailored to each sector's unique demands.

Wallarm

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Panasonic. Miro. Rappi. Wargaming. Gannett. Omio. Acronis. Workforce Software. Tipalti. SEMRush.

Buyer's Guide

Invicti vs. Wallarm NG WAF

December 2025

Free Report: Invicti vs. Wallarm NG WAF

Find out what your peers are saying about Invicti vs. Wallarm NG WAF and other solutions. Updated: December 2025.

DOWNLOAD NOW

881,082 professionals have used our research since 2012.

See our Invicti vs. Wallarm NG WAF report.

See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.