
Invicti vs Wallarm NG WAF comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Feb 4, 2025

 

Categories and Ranking

Invicti
Ranking in API Security: 10th
Average Rating: 8.2
Reviews Sentiment: 6.8
Number of Reviews: 31
Ranking in other categories: Static Application Security Testing (SAST) (12th), Container Security (26th), Software Composition Analysis (SCA) (10th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (8th)

Wallarm NG WAF
Ranking in API Security: 14th
Average Rating: 8.6
Reviews Sentiment: 6.8
Number of Reviews: 5
Ranking in other categories: Web Application Firewall (WAF) (39th)
 

Mindshare comparison

As of July 2026, in the API Security category, the mindshare of Invicti is 3.9%, up from 2.3% compared to the previous year. The mindshare of Wallarm NG WAF is 3.5%, down from 4.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
API Security Mindshare Distribution
Product: Mindshare (%)
Invicti: 3.9%
Wallarm NG WAF: 3.5%
Other: 92.6%
 

Featured Reviews

Valavan Sivgalingam - PeerSpot reviewer
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
it_user796242 - PeerSpot reviewer
Information Security Engineer at a tech vendor with 51-200 employees
Helps us to monitor attacks to our sites and prevents a lot of them
Set up Wallarm as a reverse proxy. Do not replace your web server. Use Wallarm first in monitoring mode, then learn from Wallarm which type of request is false positive and which type of request is not. This process takes a couple of weeks for very highly-loaded web applications (a few million unique visitors in one month). Then you can turn Wallarm into blocking mode and everything will be fine. Do not forget to build a monitoring system, the wave, and API for it. Before we started using Wallarm, I already knew Ivan (CEO) and Stepan (COO) from a couple of years before. Ivan had his own security company and Stepan was working on a Russian security magazine called Xakep. They told us that they wanted to create a new WAF and already had a working version of it. They asked me to test it. We did tests, and it was really good. A few months after testing, we signed an agreement. Our choice was made not because we knew these guys for a long time, but because the product was really cool and we were glad to start using it as one of the first on the market!

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"NetSparker is a very easy to use and understand product."
"The scanner is light on the network and does not impact the network when scans are running."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"OWASP Zap is free and it has live updates, so that's a big plus."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"We use simultaneous products, but I found this to be the best of the lot."
"With active threat detection, we are no longer over-swamped with tons of useless events."
"The most powerful feature is the ability to first learn what type of query to make to your web application when it is attacked and what type of query creates a false positive to your app."
"Vulnerability scanner and WAF are valuable features."
"Perimeter control and active vulnerability scanner are the most valuable features."
"They are the only solution that fits our success criteria and business objectives: WAF must have a low (<5%) false negative rate and be ready to protect from all well-known web attacks."
"Helps us to monitor situation in regards to attacks to our sites and prevents a lot of them."
 

Cons

"Netsparker doesn't provide the source code of the static application security testing."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The scan performance can be improved upon."
"Maybe the ability to make a good reporting format is needed."
"Improvement could be made in the area of production."
"I find that the scannings are not sufficiently updated."
"The scanner itself should be improved because it is a little bit slow."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine."
"There were several stability issues during the first pilot."
"It needs more customization in PDF reports."
"Technical support is 6 or 7 out of 10. Sometimes we have had trouble with communication and understanding."
"Wallarm uses a learning mechanism to detect attacks and to avoid false positives. If Wallarm blocks some illegitimate request, then you can go to the management console and mark this request as false positive, but sometimes this does not work properly."
 

Pricing and Cost Advice

"We never had any issues with the licensing; the price was within our assigned limits."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"I think that price is too high, like other Security applications such as Acunetix, WebInspect, and so on."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"OWASP Zap is free and it has live updates, so that's a big plus."
"It is competitive in the security market."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"Pricing must be cheaper than the competition and the licensing must be good."
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 16%
Manufacturing Company: 9%
Construction Company: 7%
Computer Software Company: 7%

Financial Services Firm: 19%
Government: 11%
Insurance Company: 8%
Manufacturing Company: 8%
 

Company Size

By reviewers
Company Size: Count
Small Business: 14
Midsize Enterprise: 4
Large Enterprise: 13

No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...
 

Also Known As

Netsparker
Wallarm NG-WAF
 

 

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank
Panasonic. Miro. Rappi. Wargaming. Gannett. Omio. Acronis. Workforce Software. Tipalti. SEMRush.
Find out what your peers are saying about Invicti vs. Wallarm NG WAF and other solutions. Updated: June 2026.