Invicti vs OpenText Core Application Security comparison

Invicti and OpenText are both solutions in the Static Application Security Testing (SAST) category. Invicti is ranked #15 with an average rating of 8.7, while OpenText is ranked #13 with an average rating of 8.0. Invicti holds a 1.5% mindshare in SAST, compared to OpenText’s 3.6% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 89% of OpenText users who would recommend it.

Invicti

Read 30 Invicti reviews

2,738 Views
2,081 Comparison Views

96% willing to recommend

OpenText Core Application S...

Read 60 OpenText Core Application Security reviews

6,920 Views
5,328 Comparison Views

89% willing to recommend

Invicti

OpenText Core Application S...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 21, 2025

OpenText Core Application Security and Invicti are strong contenders in the application security market. While OpenText is preferred for its comprehensive testing capabilities, Invicti gains an edge with its proof-based scanning that reduces false positives, appealing for quick deployment.

Features: OpenText offers HIPAA compliance, static and dynamic scanning correlations, and 24/7 support. Invicti includes advanced vulnerability detection, comprehensive scanning capabilities, and proof-based detection to minimize false positives.

Room for Improvement: OpenText can enhance integration with incident management, reduce false positives, and expand supported languages. Invicti could benefit from shorter scan times, simplified authentication processes, and improved reporting features.

Ease of Deployment and Customer Service: OpenText provides extensive deployment options including on-premises and cloud solutions, with highly rated customer service. Invicti offers reliable public and on-premises deployment options, though customer service feedback suggests there is room for improvement.

Pricing and ROI: OpenText’s pricing model is considered expensive but its features justify the cost for larger organizations, offering solid ROI. Invicti is seen as costly for smaller enterprises; however, its robust scanning and reduced false positives provide value for money.

To learn more, read our detailed Invicti vs. OpenText Core Application Security Report (Updated: September 2025).

Buyer's Guide

Invicti vs. OpenText Core Application Security

September 2025

Download the complete report

Helped 868,787 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Invicti

Ranking in Static Application Security Testing (SAST)

15th

Average Rating

8.2

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

API Security (10th), Dynamic Application Security Testing (DAST) (5th)

OpenText Core Application S...

Ranking in Static Application Security Testing (SAST)

13th

Average Rating

8.0

Reviews Sentiment

7.8

Number of Reviews

Ranking in other categories

Application Security Tools (14th)

Mindshare comparison

As of October 2025, in the Static Application Security Testing (SAST) category, the mindshare of Invicti is 1.5%, up from 1.2% compared to the previous year. The mindshare of OpenText Core Application Security is 3.6%, down from 4.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST) Market Share Distribution
Product	Market Share (%)
OpenText Core Application Security	3.6%
Invicti	1.5%
Other	94.9%

Static Application Security Testing (SAST)

Featured Reviews

Kunal M

Capability Center Leader, ETRM Platforms at Shell

Proactive scanning measures and realistic audit recommendations enhance development focus

Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Read full review

Jonathan Steyn

Principal Technical Consultant at EOH

Source code analyzer, FPR file generation, reduction of false positives and generates compliance reports, for in-depth analysis

Not challenges with the product itself. The product is very reliable. It does have a steep learning curve. But, again, one thing that Fortify or OpenText does very well is training. There are a lot of free resources and training in the community forums, free training as well as commercial training where users can train on how to use the back-end systems and the scanning engines and how to use command-line arguments because some of the procedures or some of the tools do require a bit of a learning curve. That's the only challenge I've really seen for customers because you have to learn how to use the tool effectively. But Fortify has, in fact, improved its user interface and the way users engage the dashboards and the interfaces. It is intuitive. It's easy to understand. But in some regards, the cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions. But from the point of the reliability index and how powerful the tool is, there's no challenge there. But it's just from a learning perspective; users might need a bit more skill to use the tool. The user interface isn't that tedious. It's not that difficult to understand. When I initially learned how to use the interfaces, I was able to master it within a week and was able to use it quite effectively. So training is required. All skills are needed to learn how to use the tool. I would like to see more enhancements in the dashboards. Dashboards are available. They do need some configuration and settings. But I would like to see more business intelligence capabilities within the tool. It's not particularly a cybersecurity function, but, for instance, business impact analysis or other features where you can actually use business intelligence capabilities within your security tool. That would be remarkable because not only do you have a cybersecurity tool, but you also have a tool that can give you business impact analysis and some other measurements. A bit more intelligence in terms of that from a cybersecurity perspective would be remarkable.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."

"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."

"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."

"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."

"Netsparker provides a more interactive interface that is more appealing."

"This tool is really fast and the information that they provide on vulnerabilities is pretty good."

"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."

"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."

More Invicti pros

"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."

"The solution is user-friendly."

"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."

"The source code analyzer is the most effective for identifying security vulnerabilities."

"Provides good depth of scanning and we get good results."

"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."

"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."

More OpenText Core Application Security pros

Cons

"The scanner itself should be improved because it is a little bit slow."

"The custom attack preparation screen might be improved."

"The solution needs to make a more specific report."

"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

"The solution's false positive analysis and vulnerability analysis libraries could be improved."

"Netsparker doesn't provide the source code of the static application security testing."

"Maybe the ability to make a good reporting format is needed."

"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."

More Invicti cons

"Fortify on Demand could be improved with support in Russia."

"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."

"The cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions."

"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."

"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."

"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."

"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."

"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."

More OpenText Core Application Security cons

Pricing and Cost Advice

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"The price should be 20% lower"

"OWASP Zap is free and it has live updates, so that's a big plus."

"It is competitive in the security market."

"We never had any issues with the licensing; the price was within our assigned limits."

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

More Invicti pricing and cost advice

"It is not more expensive than other solutions, but the pricing is competitive."

"The pricing can be improved because it is complex when compared to the competition."

"The licensing was good because the licenses have the heavy centralized server."

"The solution is a little expensive."

"We make an annual purchase of the licenses we need."

"Despite being on the higher end in terms of cost, the biggest value lies in its abilities, including robust features, seamless integration, and high-quality findings."

"Fortify on Demand is moderately priced, but its pricing could be more flexible."

"It is cost-effective."

More OpenText Core Application Security pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

868,787 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

15%

Manufacturing Company

Government

Financial Services Firm

19%

Manufacturing Company

15%

Computer Software Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	13
Midsize Enterprise	4
Large Enterprise	13

By reviewers
Company Size	Count
Small Business	16
Midsize Enterprise	8
Large Enterprise	43

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.

See all answers

What do you like most about Invicti?

The most valuable feature of Invicti is getting baseline scanning and incremental scan.

See all answers

What needs improvement with Invicti?

The main concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, ...

See all answers

What do you like most about Micro Focus Fortify on Demand?

It helps deploy and track changes easily as per time-to-time market upgrades.

See all answers

What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?

In comparison with other tools, they're competitive. It is not more expensive than other solutions, but their pricing is competitive. The licenses for Fortify On Demand are generally bought in unit...

See all answers

What needs improvement with Micro Focus Fortify on Demand?

There are frequent complaints about false positives from Fortify. One day it may pass a scan with no issues, and the next day, without any code changes, it will report vulnerabilities such as passw...

See all answers

Comparisons

Acunetix vs Invicti

Compared 18% of the time

OWASP Zap vs Invicti

Compared 8% of the time

Veracode vs Invicti

Compared 7% of the time

SonarQube Server (formerly SonarQube) vs Invicti

Compared 7% of the time

Rapid7 AppSpider vs Invicti

Compared 3% of the time

More Invicti Competitors

SonarQube Server (formerly SonarQube) vs OpenText Core Application Security

Compared 16% of the time

Checkmarx One vs OpenText Core Application Security

Compared 13% of the time

Coverity Static vs OpenText Core Application Security

Compared 9% of the time

Veracode vs OpenText Core Application Security

Compared 9% of the time

GitHub Advanced Security vs OpenText Core Application Security

Compared 6% of the time

More OpenText Core Application Security Competitors

Product Reports

Buyer's Guide

Invicti

September 2025

Download Invicti product report

Buyer's Guide

OpenText Core Application Security

September 2025

OpenText Core Application Security report

Download OpenText Core Application Security product report

Also Known As

Netsparker

Micro Focus Fortify on Demand

Overview

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti

OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.

OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.

What features define OpenText Core Application Security?

Static and Dynamic Scanning: Offers thorough analysis to identify vulnerabilities during development.
Real-time Vulnerability Tracking: Continuously updates and monitors potential security threats.
Seamless Development Platform Integration: Enhances security processes without disrupting workflows.
Cloud-Based Service: Provides flexible, on-demand security capabilities with accurate results.
API Support: Allows smooth integration and automation within existing systems.

What benefits should users look for in reviews?

Reduced Operational Costs: Optimizes resources by lowering costs associated with security management.
Efficient Remediation: Speeds up the process of identifying and resolving vulnerabilities.
Enhanced Code Security: Strengthens overall application security during the development lifecycle.
Accelerated Time-to-Market: Streamlines development stages by integrating essential security tools.

Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.

OpenText

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

Buyer's Guide

Invicti vs. OpenText Core Application Security

September 2025

Free Report: Invicti vs. OpenText Core Application Security

Find out what your peers are saying about Invicti vs. OpenText Core Application Security and other solutions. Updated: September 2025.

DOWNLOAD NOW

868,787 professionals have used our research since 2012.

See our Invicti vs. OpenText Core Application Security report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.