Try our new research platform with insights from 80,000+ expert users

Imperva Application Security Platform vs Invicti comparison

Imperva and Invicti are both solutions in the API Security category. Imperva is ranked #2 with an average rating of 8.4, while Invicti is ranked #9 with an average rating of 8.5. Imperva holds a 8.6% mindshare in APIS, compared to Invicti’s 2.8% mindshare. Additionally, 95% of Imperva users are willing to recommend the solution, compared to 96% of Invicti users who would recommend it.
Imperva Application Securit...
Read 133 Imperva Application Security Platform reviews
  • 10,598 Views
  • 742 Comparison Views
95% willing to recommend
Invicti
Read 31 Invicti reviews
  • 3,424 Views
  • 274 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 21, 2025

Invicti and Imperva Application Security Platform compete in the web application security domain. Invicti appears to have the upper hand in pricing and support, while Imperva's advanced features make it a strong contender for comprehensive security needs.

Features: Invicti boasts highly accurate automated scanning technology, seamless integration with development environments, and user-friendly interfaces. Conversely, Imperva provides advanced threat intelligence, robust protection mechanisms, and comprehensive security across applications.

Room for Improvement: Invicti could benefit from enhanced scanning speed, deeper data analytics, and improved threat intelligence reporting. Imperva could improve its user interface, simplify integration processes, and reduce the high initial deployment complexity.

Ease of Deployment and Customer Service: Invicti offers straightforward deployment with excellent customer support and user-friendly interfaces. Imperva, while offering more complex deployment, provides superior support and extensive resources to improve user experience, despite its initial configuration demands.

Pricing and ROI: Invicti is recognized for affordable setup costs and a straightforward pricing model, generating promising ROI. Though Imperva has higher initial costs due to its extensive features, it delivers substantial long-term ROI through robust threat protection, making the investment worthwhile for comprehensive security assurance.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Imperva Application Security Platform vs. Invicti Report (Updated: December 2025).
Buyer's Guide
Imperva Application Security Platform vs. Invicti
December 2025
Download the complete report
Helped 881,707 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Imperva Application Securit...
Ranking in API Security
2nd
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
133
Ranking in other categories
CDN (2nd), Web Application Firewall (WAF) (3rd), Distributed Denial-of-Service (DDoS) Protection (4th), Bot Management (1st)
Invicti
Ranking in API Security
9th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (11th), Container Security (26th), Software Composition Analysis (SCA) (8th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (5th)
 

Mindshare comparison

As of February 2026, in the API Security category, the mindshare of Imperva Application Security Platform is 8.6%, up from 4.0% compared to the previous year. The mindshare of Invicti is 2.8%, up from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
API Security Market Share Distribution
ProductMarket Share (%)
Imperva Application Security Platform8.6%
Invicti2.8%
Other88.6%
API Security
 

Featured Reviews

reviewer1247523 - PeerSpot reviewer
reviewer1247523
Head of Sales Services Department at a comms service provider with 51-200 employees
Solution ensures website availability and proactive threat mitigation
Over the seven years, the most valuable features of Imperva DDoS that I have found are related to DDoS attacks, which are a group of attacks, and not all of them can be resolved on the endpoint level before the website. Using the web firewall before the website is a common use case to protect against malicious requests to the website. I have utilized Imperva's Intelligent Traffic Filtering feature. This feature helps me understand how the attack is progressing and what is happening inside the requests to our website. It allows me to granularly grant or deny access to certain parts of our website. This helps when we know our customers and the types of requests that can be sent from them, enabling us to block some malicious requests. Imperva DDoS has User Behavior Analytics and Threat Intelligence on its board, and this helps us to be protected proactively. Imperva DDoS connects to its database of threats, storing whole information about attacks all over the world in one simple engine. Everyone can use this feature, which can connect to this engine and get information about what is going on at the world level. That is the way to be protected at the company's level. The integration capabilities of Imperva DDoS are very easy and simple. We can run it in 2 hours.
Read full review
Valavan Sivgalingam - PeerSpot reviewer
Valavan Sivgalingam
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping."
"It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."
"I have had a positive experience with Imperva Web Application Firewall's tech support so far. They are knowledgeable and respond on time."
"The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security."
"On the site security, I can see which countries have incidents, whether it was a robot attack, a real human user, or non-human user."
"It is easy to use and has good security."
"Protection is the best solution since it has profile functionality."
"​Technical support provides good, quick responses."
More Imperva Application Security Platform pros
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"The platform is stable."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"Invicti has done a commendable job with respect to ROI, and with respect to being a cost-effective solution and one of the market leaders as an effective solution for SAST and DAST, Invicti has performed very well."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment."
More Invicti pros
 

Cons

"Incapsula services also provides load balancing services for their service IP address environment. So far, with monitoring their services, the IP address was only changed once."
"There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering."
"Imperva Web Application Firewall could improve the console by making it easier to use."
"Sometimes our web application firewall will slow down."
"Imperva Web Application Firewall can improve by adding more features to the dashboard. increasing the visibility of the real-time events, besides configuring the administration itself."
"It would be nice to have more security control over mobile applications so I would suggest adding more mobile security features. It would also be beneficial to see improvements in regards to interface bandwidth performance, CPU time, and RAM size. Learning capability of the device is quite weak."
"The solution needs to improve Integration with third parties for their on-prem deployment models. The integration is not that good yet."
"The solution works for particular zones but isn't always the best solution for all zones."
More Imperva Application Security Platform cons
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"Right now, they are missing the static application security part, especially web application security."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"Currently, there is nothing I would like to improve."
"They could enhance the support for data swap testing for the platform."
More Invicti cons
 

Pricing and Cost Advice

"The cost is on par with other solutions such as Cloudflare and Akamai."
"It's an excellent product, but it can be very costly."
"The tool's pricing is good."
"We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."
"The cost of this solution depends on the platform."
"It is a very expensive solution. The price is very high. A lot of customers tell us that they would love to use Imperva more. I have some customers who have 50 websites, but they have only 10 websites on Imperva because of the price. They would love to have all their websites running through Imperva, but they can't. They have to choose the more critical websites to protect because the price is very high. It is a very good product, but it is too expensive. If you buy a plan for 20 megabytes and you don't consume all of your 20 megabytes, it is okay, but if you consume more, you are charged for the superior traffic."
"Varies depending on the needs of the customer."
"The price is high compared to other solutions like FortiWeb."
More Imperva Application Security Platform pricing and cost advice
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"It is competitive in the security market."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"The price should be 20% lower"
"OWASP Zap is free and it has live updates, so that's a big plus."
More Invicti pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which API Security solutions are best for your needs.
See recommendations
881,707 professionals have used our research since 2012.
 

Comparison Review

it_user68487 - PeerSpot reviewer
it_user68487
Security Expert with 51-200 employees
Nov 6, 2013
CloudFlare vs Incapsula: Web Application Firewall
CloudFlare vs Incapsula: Round 2 Web Application Firewall Comparative Penetration Testing Analysis Report v1.0 Summary This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Computer Software Company
9%
Manufacturing Company
9%
Insurance Company
6%
Financial Services Firm
17%
Computer Software Company
11%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business83
Midsize Enterprise25
Large Enterprise61
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
 

Questions from the Community

Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
Imperva is a strong choice, given their security focus and ongoing R&D into the product in areas such as bot management.
See all answers
What do you like most about Imperva Incapsula?
We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping.
See all answers
What is your experience regarding pricing and costs for Imperva DDoS?
The pricing, setup costs, and licensing of Imperva DDoS are reasonable for the amount of technical capabilities provided. I would rate the pricing of Imperva DDoS as five, where one is very cheap a...
See all answers
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...
See all answers
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...
See all answers
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...
See all answers
 

Comparisons

Cloudflare vs Imperva Application Security Platform Logo
Cloudflare vs Imperva Application Security Platform
Compared 12% of the time
Akamai vs Imperva Application Security Platform Logo
Akamai vs Imperva Application Security Platform
Compared 6% of the time
Fortinet FortiWeb vs Imperva Application Security Platform Logo
Fortinet FortiWeb vs Imperva Application Security Platform
Compared 5% of the time
F5 Advanced WAF vs Imperva Application Security Platform Logo
F5 Advanced WAF vs Imperva Application Security Platform
Compared 4% of the time
AWS WAF vs Imperva Application Security Platform Logo
AWS WAF vs Imperva Application Security Platform
Compared 4% of the time
More Imperva Application Security Platform Competitors
Acunetix vs Invicti Logo
Acunetix vs Invicti
Compared 13% of the time
SonarQube vs Invicti Logo
SonarQube vs Invicti
Compared 7% of the time
Veracode vs Invicti Logo
Veracode vs Invicti
Compared 7% of the time
Rapid7 InsightAppSec vs Invicti Logo
Rapid7 InsightAppSec vs Invicti
Compared 5% of the time
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
Compared 5% of the time
More Invicti Competitors
 

Product Reports

Buyer's Guide
Imperva Application Security Platform
January 2026
Imperva Application Security Platform reportDownload Imperva Application Security Platform product report
Buyer's Guide
Invicti
January 2026
Invicti reportDownload Invicti product report
 

Also Known As

Imperva Bot Management, Imperva Web Application Firewall, Imperva API Security
Netsparker
 

Overview

Imperva Application Security Platform delivers comprehensive and continuous web threat protection. Renowned for its ease of use, it shields web applications and databases from various cyber threats while integrating seamlessly with cloud and on-premises environments.

Imperva Application Security Platform protects web environments by offering advanced security measures against threats like DDoS attacks, SQL injections, and cross-site scripting. As a robust web application firewall, it provides extensive monitoring and bot management capabilities. The platform integrates content delivery networks for enhanced performance and scalability, while real-time traffic analysis ensures consistent protection. Despite its strengths, improvements can be made in policy management and customization options. Users seek better integration with third-party tools and more competitive pricing models. The inclusion of AI for enhanced analytics is also anticipated.

What are the key features of Imperva Application Security Platform?
  • Correlated Attack Validation: Enhances threat assessment by linking related security events.
  • Threat Radar: Offers visibility into potential and ongoing threats.
  • Virtual Patching: Provides protection against vulnerabilities without immediate code changes.
  • IncapRules: Allows creation of custom security policies.
  • DDoS Protection: Defends against large-scale distributed denial-of-service attacks.
  • CDN Integration: Improves content delivery speed and reliability.
What benefits should users look for in reviews?
  • User-Friendly Administration: Simplifies setup and ongoing management tasks.
  • Seamless Integration: Ensures smooth operation with existing infrastructure.
  • Comprehensive Threat Protection: Shields digital assets from a wide range of threats.
  • Hands-On Support: Provides timely and effective customer service assistance.

Imperva Application Security Platform is implemented in industries needing strong database and application protection. Companies use it to enforce geolocation restrictions and manage bots, benefiting sectors like finance and e-commerce where data security and threat monitoring are critical. Its ability to protect and ensure data accessibility makes it integral to business operations prioritizing cyber resilience.

Imperva

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti
 

Sample Customers

Hitachi, BNZ, Bitstamp, Moz, InnoGames, BTCChina, Wix, LivePerson, Zillow and more.
Samsung, The Walt Disney Company, T-Systems, ING Bank
Buyer's Guide
Imperva Application Security Platform vs. Invicti
December 2025
Free Report: Imperva Application Security Platform vs. Invicti
Find out what your peers are saying about Imperva Application Security Platform vs. Invicti and other solutions. Updated: December 2025.
DOWNLOAD NOW
881,707 professionals have used our research since 2012.
See our Imperva Application Security Platform vs. Invicti report.
See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.