We performed a comparison between Invicti and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"I like that it's stable and technical support is great."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"Its ability to crawl a web application is quite different than another similar scanner."
"The scanner and the result generator are valuable features for us."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"The dashboard view and the management view are most valuable."
"Its ease of use and good results are the most valuable."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"Maybe the ability to make a good reporting format is needed."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The support's response time could be faster since we are in different time zones."
"Right now, they are missing the static application security part, especially web application security."
"Netsparker doesn't provide the source code of the static application security testing."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"The only thing that I don't find support for on Mend Prioritize is C++."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
Invicti is ranked 20th in Application Security Tools with 25 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Invicti is rated 8.2, while Mend.io is rated 8.4. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and HCL AppScan, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One. See our Invicti vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.