Try our new research platform with insights from 80,000+ expert users

Invicti vs Software Risk Manager ASPM comparison

Invicti and Black Duck are both solutions in the Application Security Posture Management (ASPM) category. Invicti is ranked #5 with an average rating of 8.5, while Black Duck is ranked #14. Invicti holds a 3.7% mindshare in ASPM, compared to Black Duck’s 3.8% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution.
Sponsored
Cortex Cloud by Palo Alto N...
Read 11 Cortex Cloud by Palo Alto Networks reviews
  • 1,955 Views
  • 176 Comparison Views
100% willing to recommend
Invicti
Read 31 Invicti reviews
  • 3,717 Views
  • 595 Comparison Views
96% willing to recommend
Software Risk Manager ASPM
Read 1 Software Risk Manager ASPM review
  • 1,390 Views
  • 528 Comparison Views
0% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 22, 2026

Invicti and Software Risk Manager ASPM are notable competitors in the application security sector. Invicti holds an advantage in customer service and pricing, while Software Risk Manager ASPM attracts tech buyers with its superior feature set.

Features: Invicti offers robust automated scanning, integration with multiple development tools, and efficient security testing, streamlining the security process. Software Risk Manager ASPM provides comprehensive vulnerability management, advanced threat detection, and in-depth security analysis, making it suitable for organizations focusing on thorough security measures.

Ease of Deployment and Customer Service: Invicti provides a straightforward deployment process and has accessible customer support, making it ideal for teams seeking a smooth implementation. Software Risk Manager ASPM's extensive features result in a more complex deployment process, but reliable support is still available for organizations requiring robust security functionalities.

Pricing and ROI: Invicti offers a competitive setup cost, focusing on quick ROI through efficient security testing, appealing to cost-conscious buyers. Software Risk Manager ASPM may involve higher initial costs, yet its comprehensive feature set offers substantial value, promising a strong ROI for those prioritizing detailed application security.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Application Security Posture Management (ASPM) Report (Updated: March 2026).
Buyer's Guide
Application Security Posture Management (ASPM)
March 2026
Download the complete report
Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex Cloud by Palo Alto N...
Sponsored
Ranking in Application Security Posture Management (ASPM)
6th
Average Rating
8.6
Reviews Sentiment
5.7
Number of Reviews
11
Ranking in other categories
Vulnerability Management (27th), Cloud Workload Protection Platforms (CWPP) (13th), Cloud Security Posture Management (CSPM) (18th), Cloud-Native Application Protection Platforms (CNAPP) (12th), Data Security Posture Management (DSPM) (12th), Software Supply Chain Security (7th), Cloud Infrastructure Entitlement Management (CIEM) (6th), Cloud Detection and Response (CDR) (4th)
Invicti
Ranking in Application Security Posture Management (ASPM)
5th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (11th), Container Security (25th), Software Composition Analysis (SCA) (8th), API Security (8th), Dynamic Application Security Testing (DAST) (4th)
Software Risk Manager ASPM
Ranking in Application Security Posture Management (ASPM)
14th
Average Rating
0.0
Reviews Sentiment
7.0
Number of Reviews
1
Ranking in other categories
Static Application Security Testing (SAST) (29th), Software Composition Analysis (SCA) (21st)
 

Mindshare comparison

As of March 2026, in the Application Security Posture Management (ASPM) category, the mindshare of Cortex Cloud by Palo Alto Networks is 1.8%. The mindshare of Invicti is 3.7%, up from 2.4% compared to the previous year. The mindshare of Software Risk Manager ASPM is 3.8%, up from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Posture Management (ASPM) Mindshare Distribution
ProductMindshare (%)
Invicti3.7%
Cortex Cloud by Palo Alto Networks1.8%
Software Risk Manager ASPM3.8%
Other90.7%
Application Security Posture Management (ASPM)
 

Featured Reviews

SJ
Sonali Jha
Technical Solutions Architect at IBM
Cloud security has improved as AI-driven runtime protection detects threats and reduces incidents
In my opinion, Cortex Cloud by Palo Alto Networks could be improved or enhanced in various ways. I don't have an idea about that yet because for that you actually need to use two or three different other tools to make a basic comparison. If you ask me how good the tool is, I would fairly rate it quite high. The tool is very popular, and customers can already see that it is one of the cloud leaders in the security space. The platform had a very good feature which provides documentation links about how to use a specific feature on the UI. It takes you to the proper documentation page where it suggests what to do and tells you about the steps that need to be done for a resource deployment. My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella. It has XDR, XSOAR, and Cortex Cloud by Palo Alto Networks. Before, we used to have separate modules and separate environments for each of these capabilities or features. Right now, it is a little complex and users would take their own time to know the tool better. This is something that would have been way better, but I would say there would be different opinions on this. Talking about user-friendliness, it has decreased now.
Read full review
Valavan Sivgalingam - PeerSpot reviewer
Valavan Sivgalingam
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Read full review
Saravanan_Radhakrishnan - PeerSpot reviewer
Saravanan_Radhakrishnan
Senior Manager at Happiest Minds Technologies
Facilitates continuous assessment of applications, covering both static and dynamic security aspects
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."
"The capabilities of Cortex Cloud by Palo Alto Networks are valuable because it is the best product in the market."
"From a technical standpoint or pricing, Cortex Cloud by Palo Alto Networks is a stronger solution in the market at the moment compared to other products from ConnectWise or Symantec."
"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."
"The most valuable features I have found in Cortex Cloud by Palo Alto Networks are those that we provided to customers in a stock environment, as we have done some POCs and tried to check how it can help different organizations, and this same solution has been positioned for multiple customers."
"The most beneficial aspect of Cortex Cloud by Palo Alto Networks and Palo Alto in general is that there is a single platform for all cloud providers for securitization."
"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."
"Cortex Cloud by Palo Alto Networks' cloud runtime security in terms of stopping attacks in real time is impressive."
More Cortex Cloud by Palo Alto Networks pros
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The solution generates reports automatically and quickly."
"Invicti has done a commendable job with respect to ROI, and with respect to being a cost-effective solution and one of the market leaders as an effective solution for SAST and DAST, Invicti has performed very well."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"Its ability to crawl a web application is quite different than another similar scanner."
"NetSparker is a very easy to use and understand product."
"I would rate the stability as ten out of ten."
"I would definitely recommend to those who really want to know in-depth details of their applications/products regarding the security of their web system."
More Invicti pros
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
 

Cons

"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."
"Cortex Cloud by Palo Alto Networks is not the cheapest solution in the market, but I know that is the best solution for SOC and Cloud once have all tools to connect cloud issues with SOC procedures, because we are partners with T-Systems."
"Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions."
"My thoughts about improving the product which I believe could greatly aid vendors is that it used to be a very user-friendly tool, but now they have incorporated everything under one umbrella."
"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."
"The pricing is high, making ROI challenging to justify, especially during transitions between solutions."
"In my opinion, Cortex Cloud by Palo Alto Networks can be improved by addressing forensic information collection and storage, although I cannot suggest specific things right now, based on what customers might need."
"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."
More Cortex Cloud by Palo Alto Networks cons
"The solution needs to make a more specific report."
"Right now, they are missing the static application security part, especially web application security."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
"The scanner itself should be improved because it is a little bit slow."
"The support's response time could be faster since we are in different time zones."
"Netsparker doesn't provide the source code of the static application security testing."
More Invicti cons
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
 

Pricing and Cost Advice

Information not available
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We never had any issues with the licensing; the price was within our assigned limits."
"It is competitive in the security market."
"OWASP Zap is free and it has live updates, so that's a big plus."
"The price should be 20% lower"
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
More Invicti pricing and cost advice
"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.
See recommendations
884,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
9%
Manufacturing Company
9%
Performing Arts
8%
Computer Software Company
7%
Financial Services Firm
15%
Manufacturing Company
9%
Computer Software Company
9%
Government
7%
Financial Services Firm
18%
University
9%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise1
Large Enterprise4
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?
The solution is costly, with high-end capabilities suitable for enterprises. It is less affordable for startups or sm...
See all answers
What needs improvement with Cortex Cloud by Palo Alto Networks?
As per my experience with Cortex Cloud by Palo Alto Networks, the UI could be simpler. There are few features which a...
See all answers
What is your primary use case for Cortex Cloud by Palo Alto Networks?
My use case for Cortex Cloud by Palo Alto Networks is for CSPM, application security, and IAM. I use it for checking ...
See all answers
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150...
See all answers
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-t...
See all answers
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with r...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Wiz vs Cortex Cloud by Palo Alto Networks Logo
Wiz vs Cortex Cloud by Palo Alto Networks
Compared 16% of the time
Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks Logo
Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks
Compared 15% of the time
SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks Logo
SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks
Compared 9% of the time
Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks Logo
Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks
Compared 6% of the time
WithSecure Elements Exposure Management (XM) vs Cortex Cloud by Palo Alto Networks Logo
WithSecure Elements Exposure Management (XM) vs Cortex Cloud by Palo Alto Networks
Compared 6% of the time
More Cortex Cloud by Palo Alto Networks Competitors
Acunetix vs Invicti Logo
Acunetix vs Invicti
Compared 9% of the time
Veracode vs Invicti Logo
Veracode vs Invicti
Compared 8% of the time
SonarQube vs Invicti Logo
SonarQube vs Invicti
Compared 6% of the time
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
Compared 5% of the time
Rapid7 InsightAppSec vs Invicti Logo
Rapid7 InsightAppSec vs Invicti
Compared 4% of the time
More Invicti Competitors
PortSwigger Burp Suite Professional vs Software Risk Manager ASPM Logo
PortSwigger Burp Suite Professional vs Software Risk Manager ASPM
Compared 21% of the time
Polaris Platform vs Software Risk Manager ASPM Logo
Polaris Platform vs Software Risk Manager ASPM
Compared 8% of the time
Veracode vs Software Risk Manager ASPM Logo
Veracode vs Software Risk Manager ASPM
Compared 7% of the time
Checkmarx One vs Software Risk Manager ASPM Logo
Checkmarx One vs Software Risk Manager ASPM
Compared 7% of the time
Snyk vs Software Risk Manager ASPM Logo
Snyk vs Software Risk Manager ASPM
Compared 6% of the time
More Software Risk Manager ASPM Competitors
 

Product Reports

Buyer's Guide
Cortex Cloud by Palo Alto Networks
March 2026
Cortex Cloud by Palo Alto Networks reportDownload Cortex Cloud by Palo Alto Networks product report
Buyer's Guide
Invicti
March 2026
Invicti reportDownload Invicti product report
Buyer's Guide
Application Security Posture Management (ASPM)
March 2026
Software Risk Manager ASPM reportDownload Software Risk Manager ASPM product report
 

Also Known As

No data available
Netsparker
Code Dx
 

Overview

Cortex Cloud by Palo Alto Networks provides comprehensive cybersecurity management, focusing on enhancing security operations with advanced automation and threat intelligence, addressing complex security challenges efficiently.

Cortex Cloud by Palo Alto Networks integrates cloud-scale data analytics and automation to streamline security operations, enabling faster threat detection and response. It leverages AI and machine learning to provide real-time threat intelligence and automate routine tasks, reducing the burden on security teams. Users benefit from improved visibility across networks and greater operational efficiency, making it crucial for enterprises aiming to secure their digital assets against evolving cyber threats.

What are the key features of Cortex Cloud by Palo Alto Networks?

  • Automated Threat Detection: Identifies and mitigates threats in real-time using AI algorithms.
  • Advanced Analytics: Provides in-depth data insights for proactive threat prevention.
  • Incident Management: Streamlines incident response with automated workflows.
  • Scalable Architecture: Offers flexibility to grow with organizational needs.

What benefits or ROI should you expect from Cortex Cloud by Palo Alto Networks reviews?

  • Increased Efficiency: Automation reduces manual efforts in threat management.
  • Enhanced Security Posture: Improved visibility leads to better threat preparedness.
  • Cost Savings: Minimizes expenses related to manual threat detection and response.
  • Scalability: Grows with the organization, reducing the need for constant upgrades.

Cortex Cloud by Palo Alto Networks is favored in sectors like finance, healthcare, and telecommunications, where data security is paramount. Its ability to integrate with existing infrastructure and provide real-time insights makes it a preferred choice for securing sensitive information and ensuring compliance within industry regulations.

Palo Alto Networks

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Black Duck
 

Sample Customers

Information Not Available
Samsung, The Walt Disney Company, T-Systems, ING Bank
Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".
Buyer's Guide
Application Security Posture Management (ASPM)
March 2026
Download Free Report
Find out what your peers are saying about Veracode, Snyk, Checkmarx and others in Application Security Posture Management (ASPM). Updated: March 2026.
DOWNLOAD NOW
884,873 professionals have used our research since 2012.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.