Try our new research platform with insights from 80,000+ expert users

Imperva Application Security Platform vs Invicti comparison

Imperva and Invicti are both solutions in the API Security category. Imperva is ranked #2 with an average rating of 8.3, while Invicti is ranked #8 with an average rating of 8.5. Imperva holds a 9.3% mindshare in APIS, compared to Invicti’s 3.0% mindshare. Additionally, 95% of Imperva users are willing to recommend the solution, compared to 96% of Invicti users who would recommend it.
Imperva Application Securit...
Read 135 Imperva Application Security Platform reviews
  • 11,377 Views
  • 796 Comparison Views
95% willing to recommend
Invicti
Read 31 Invicti reviews
  • 3,717 Views
  • 297 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 22, 2026

Invicti and Imperva compete in application security, with Invicti favored for pricing and support, while Imperva is noted for its feature set that justifies its price.

Features: Invicti excels in efficient vulnerability detection, seamless integration, and user-friendly design, enhancing security assessments. Imperva's strengths lie in advanced threat intelligence, real-time monitoring, and wide-ranging protection against web threats.

Room for Improvement: Invicti can enhance performance during extensive full scans and improve intermittent result accuracy. Imperva could benefit from simplifying its setup process, reducing initial complexity, and enhancing report customization options.

Ease of Deployment and Customer Service: Invicti is notable for its straightforward deployment and dependable support. Imperva, while involving a more intricate setup, provides robust documentation and extensive training resources, supporting a comprehensive customer service framework.

Pricing and ROI: Invicti offers an attractive pricing model with efficient returns, appealing to budget-conscious organizations. Imperva, although having a higher initial cost, delivers significant long-term value via extensive security features, representing a strategic investment for those seeking comprehensive security benefits.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Imperva Application Security Platform vs. Invicti Report (Updated: February 2026).
Buyer's Guide
Imperva Application Security Platform vs. Invicti
February 2026
Download the complete report
Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Imperva Application Securit...
Ranking in API Security
2nd
Average Rating
8.6
Reviews Sentiment
7.0
Number of Reviews
135
Ranking in other categories
CDN (3rd), Web Application Firewall (WAF) (3rd), Distributed Denial-of-Service (DDoS) Protection (4th), Bot Management (1st)
Invicti
Ranking in API Security
8th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (11th), Container Security (25th), Software Composition Analysis (SCA) (8th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (5th)
 

Mindshare comparison

As of March 2026, in the API Security category, the mindshare of Imperva Application Security Platform is 9.3%, up from 4.5% compared to the previous year. The mindshare of Invicti is 3.0%, up from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
API Security Mindshare Distribution
ProductMindshare (%)
Imperva Application Security Platform9.3%
Invicti3.0%
Other87.7%
API Security
 

Featured Reviews

reviewer1247523 - PeerSpot reviewer
reviewer1247523
Head of Sales Services Department at a comms service provider with 51-200 employees
Solution ensures website availability and proactive threat mitigation
Over the seven years, the most valuable features of Imperva DDoS that I have found are related to DDoS attacks, which are a group of attacks, and not all of them can be resolved on the endpoint level before the website. Using the web firewall before the website is a common use case to protect against malicious requests to the website. I have utilized Imperva's Intelligent Traffic Filtering feature. This feature helps me understand how the attack is progressing and what is happening inside the requests to our website. It allows me to granularly grant or deny access to certain parts of our website. This helps when we know our customers and the types of requests that can be sent from them, enabling us to block some malicious requests. Imperva DDoS has User Behavior Analytics and Threat Intelligence on its board, and this helps us to be protected proactively. Imperva DDoS connects to its database of threats, storing whole information about attacks all over the world in one simple engine. Everyone can use this feature, which can connect to this engine and get information about what is going on at the world level. That is the way to be protected at the company's level. The integration capabilities of Imperva DDoS are very easy and simple. We can run it in 2 hours.
Read full review
Valavan Sivgalingam - PeerSpot reviewer
Valavan Sivgalingam
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"There is no need to have an appliance in house for the services because it is on the cloud."
"Setup was straightforward, very simple. I only entered the domain and Incapsula returned the DNS data that I needed to change for the protection to be configured."
"This product is a reliable defense from malicious attacks on a network environment."
"We have peace of mind that nobody will use malware on us or try to hack our website."
"It mitigates all of the availabilities of risks around web applications."
"Scalability has been pretty good, our European traffic has doubled and our sales have gone up along with our stability."
"Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva."
"Imperva is easy to use and deploy. The UI is excellent."
More Imperva Application Security Platform pros
"One of the features I like about this program is the low number of false positives and the support it offers."
"NetSparker is a very easy to use and understand product."
"The platform is stable."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"Invicti has done a commendable job with respect to ROI, and with respect to being a cost-effective solution and one of the market leaders as an effective solution for SAST and DAST, Invicti has performed very well."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"I would definitely recommend it to those who really want to know in-depth details of their applications/products regarding security."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
More Invicti pros
 

Cons

"Imperva always needs to adjust to new versions of cyber attacks, it needs to be faster, improve the resiliency of the software of the solution."
"I guess the GUI could be improved a little, as it’s not always simple to get."
"The API is lackluster but especially for customers."
"Their portal is very limited and needs improvement."
"Incapsula services also provides load balancing services for their service IP address environment. So far, with monitoring their services, the IP address was only changed once."
"There is nothing specific where the application firewall is falling short."
"The process to upgrade from one version to another can be a lot simpler than it is currently."
"Incapsula: Allow easier scripting of firewall rules."
More Imperva Application Security Platform cons
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The solution needs to make a more specific report."
"The support's response time could be faster since we are in different time zones."
"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
"Currently, there is nothing I would like to improve."
"It is a good tool, as we found out with the Community Edition trial, but the price point is quite expensive for a startup or average-sized company."
"They could enhance the support for data swap testing for the platform."
"The custom attack preparation screen might be improved."
More Invicti cons
 

Pricing and Cost Advice

"There are some licenses that you have to buy to use some features. Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell."
"It is a very affordable solution."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a five out of ten."
"It's an excellent product, but it can be very costly."
"There are a couple of different licensing models."
"Varies depending on the needs of the customer."
"The data packages are higher than our needs so we end up paying for data that we don't use."
"I rate the product price a four on a scale of one to ten, where one is a low price, and ten is a high price."
More Imperva Application Security Platform pricing and cost advice
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"It is competitive in the security market."
"We never had any issues with the licensing; the price was within our assigned limits."
"The price should be 20% lower"
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"OWASP Zap is free and it has live updates, so that's a big plus."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
More Invicti pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which API Security solutions are best for your needs.
See recommendations
884,873 professionals have used our research since 2012.
 

Comparison Review

it_user68487 - PeerSpot reviewer
it_user68487
Security Expert with 51-200 employees
Nov 6, 2013
CloudFlare vs Incapsula: Web Application Firewall
CloudFlare vs Incapsula: Round 2 Web Application Firewall Comparative Penetration Testing Analysis Report v1.0 Summary This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Manufacturing Company
9%
Computer Software Company
9%
Comms Service Provider
6%
Financial Services Firm
15%
Manufacturing Company
9%
Computer Software Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business84
Midsize Enterprise25
Large Enterprise62
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
 

Questions from the Community

Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
Imperva is a strong choice, given their security focus and ongoing R&D into the product in areas such as bot management.
See all answers
What is your experience regarding pricing and costs for Imperva DDoS?
The pricing, setup costs, and licensing of Imperva DDoS are reasonable for the amount of technical capabilities provided. I would rate the pricing of Imperva DDoS as five, where one is very cheap a...
See all answers
What needs improvement with Imperva DDoS?
I would like to see improvements in the pooling of threats and attacks, possibly to enlarge the scale of indicators of compromise. For example, the initiation of an attack on the endpoint level cou...
See all answers
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150 or sometimes less than $100, depending on the conversion or the number of licen...
See all answers
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-to-neck competitors. Speaking about it, there are a couple of factors which they ...
See all answers
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with respect to PAM, I have worked with BeyondTrust. I have not worked specifically fo...
See all answers
 

Comparisons

Cloudflare vs Imperva Application Security Platform Logo
Cloudflare vs Imperva Application Security Platform
Compared 11% of the time
Fortinet FortiWeb vs Imperva Application Security Platform Logo
Fortinet FortiWeb vs Imperva Application Security Platform
Compared 6% of the time
Akamai vs Imperva Application Security Platform Logo
Akamai vs Imperva Application Security Platform
Compared 6% of the time
F5 Advanced WAF vs Imperva Application Security Platform Logo
F5 Advanced WAF vs Imperva Application Security Platform
Compared 3% of the time
AWS WAF vs Imperva Application Security Platform Logo
AWS WAF vs Imperva Application Security Platform
Compared 3% of the time
More Imperva Application Security Platform Competitors
Acunetix vs Invicti Logo
Acunetix vs Invicti
Compared 9% of the time
Veracode vs Invicti Logo
Veracode vs Invicti
Compared 8% of the time
SonarQube vs Invicti Logo
SonarQube vs Invicti
Compared 6% of the time
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
Compared 5% of the time
Rapid7 InsightAppSec vs Invicti Logo
Rapid7 InsightAppSec vs Invicti
Compared 4% of the time
More Invicti Competitors
 

Product Reports

Buyer's Guide
Imperva Application Security Platform
March 2026
Imperva Application Security Platform reportDownload Imperva Application Security Platform product report
Buyer's Guide
Invicti
March 2026
Invicti reportDownload Invicti product report
 

Also Known As

Imperva Bot Management, Imperva Web Application Firewall, Imperva API Security
Netsparker
 

Overview

Imperva Application Security Platform delivers comprehensive and continuous web threat protection. Renowned for its ease of use, it shields web applications and databases from various cyber threats while integrating seamlessly with cloud and on-premises environments.

Imperva Application Security Platform protects web environments by offering advanced security measures against threats like DDoS attacks, SQL injections, and cross-site scripting. As a robust web application firewall, it provides extensive monitoring and bot management capabilities. The platform integrates content delivery networks for enhanced performance and scalability, while real-time traffic analysis ensures consistent protection. Despite its strengths, improvements can be made in policy management and customization options. Users seek better integration with third-party tools and more competitive pricing models. The inclusion of AI for enhanced analytics is also anticipated.

What are the key features of Imperva Application Security Platform?
  • Correlated Attack Validation: Enhances threat assessment by linking related security events.
  • Threat Radar: Offers visibility into potential and ongoing threats.
  • Virtual Patching: Provides protection against vulnerabilities without immediate code changes.
  • IncapRules: Allows creation of custom security policies.
  • DDoS Protection: Defends against large-scale distributed denial-of-service attacks.
  • CDN Integration: Improves content delivery speed and reliability.
What benefits should users look for in reviews?
  • User-Friendly Administration: Simplifies setup and ongoing management tasks.
  • Seamless Integration: Ensures smooth operation with existing infrastructure.
  • Comprehensive Threat Protection: Shields digital assets from a wide range of threats.
  • Hands-On Support: Provides timely and effective customer service assistance.

Imperva Application Security Platform is implemented in industries needing strong database and application protection. Companies use it to enforce geolocation restrictions and manage bots, benefiting sectors like finance and e-commerce where data security and threat monitoring are critical. Its ability to protect and ensure data accessibility makes it integral to business operations prioritizing cyber resilience.

Imperva

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti
 

Sample Customers

Hitachi, BNZ, Bitstamp, Moz, InnoGames, BTCChina, Wix, LivePerson, Zillow and more.
Samsung, The Walt Disney Company, T-Systems, ING Bank
Buyer's Guide
Imperva Application Security Platform vs. Invicti
February 2026
Free Report: Imperva Application Security Platform vs. Invicti
Find out what your peers are saying about Imperva Application Security Platform vs. Invicti and other solutions. Updated: February 2026.
DOWNLOAD NOW
884,873 professionals have used our research since 2012.
See our Imperva Application Security Platform vs. Invicti report.
See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.