Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and automation and integrations enable customers to achieve broad coverage of thousands of applications. Invicti is headquartered in Austin, Texas, and serves more than 3,500 organizations of all sizes all over the world.
N/A
ReadyAPI
Score 8.1 out of 10
N/A
ReadyAPI (formerly SoapUI Pro, LoadUI Pro, and ServiceV Pro) is a REST and SOAP API functional testing tool that enables software developers, QA engineers, and manual testers to work together to create, maintain, and execute complex end-to-end API tests in their CI/CD pipelines without needing to code.
Netsparker is very thorough but can take a very long time to scan a web application. It can also take a long time to learn and configure. Its thoroughness is a very good part of the product but if the application does [not] need this thoroughness it is probably a waste of time to run Netsparker on the website.
As stated, we do a LOT of API testing, the swaggerhub import makes it easy to add APIs. This is very well-suited, as well as easy management of the steps/cases/suites inside of ReadyAPI. The one thing I do wish ReadyAPI was better suited for is changes to data, we have a lot of test cases in ReadyAPI and if we make a change to how the backend data is structured, one-by-one adjustments need to be made to the steps. Less appropriate, UI testing.
NetSparker has excellent customer service. When our team had to learn to use it for the first time, we had to communicate directly with NetSparker consultants.
NetSparker is very user-friendly. It's UI is organized and keeps all the different scans we have set-up in a very clean visual.
Netsparker has a selection of workflows and integration tools that make it useful for keeping all of my teammates on the same page.
Netsparker Cloud is expensive and restricts the number of website URLs that you are allowed to scan. This restricts us from scanning all of the websites that we create and only allows us to scan a small subset of number of the website we produce.
Netsparker is difficult to configure and I often need to open a ticket with support to figure out how to use the product. I have been vulnerability testing websites for over 10 years and I still don't think I really know how to use Netsparker.
Netsparker can take a very long time to complete a scan due to the number of items it can scan for. Be certain to reduce the technologies that your scan will be looking at. Also, expect a large website to possibly take over two days to complete. Not something you really want to have happen on a developer checking on some source code.
The only reason this isn't a '10' is because of the cost. This product is definitely meant for organizations who are serious about making sure they invest in the full ecosystem of API design, development, maintenance. But there is a significant cost associated with this investment. and because of this cost (and the non-tangible output for executives), it is a difficult line-item to justify in this post-pandemic environment.
SoapUI allows us to combine multiple tests and adhere to the sequence that they need to run in order to complete successfully. It has an excellent GUI design and the reporting mechanism is also very good. It does consume a lot of memory though during concurrent testing
Soap UI has managed to continuously build on it's solid foundation and keep improving by each release. It is by far the most dependable and accurate testing tool out there of its kind. Available via connecting to VM's created as SoapUI test machines give access to it anytime, anywhere practically.
NetSparker support is amazing. When first introducing this software to the team, there was a lot of communication going on between Netsparker consultants and our team. They have answered our questions very efficiently and have had consultants come to our department for training. They are open to suggestions for improvements and enhancements as well.
To be honest, we didnt had much issues with the support, as there is already plenty of online communities available for help. But if ever there were some minor issues with the membership or the certificates, the tech support was always quick and efficient enough to resolve the issue ASAP
I currently use OWASP ZAP, Burp Suite Professional and Veracode Dynamic Scan. ZAP is very easy to use and the web developers use it regularly. Burp Suite is very customizable as is Netsparker but usually take much less time to scan a website. Both of these tools are programmable and allow me to add special items to a scan when I need it. They are also much better documented. Veracode also has a static code analysis tool that we use much more often then the dynamic analysis tool but we do use both parts of Veracode.
ReadyAPI provides intuitive GUI capabilities compared to their own open source product. When compared to Postman, ReadyAPI also supports SOAP based services, which is a saver especially when integrating with legacy or other third party systems.
It has an excellent GUI design and the reporting mechanism is also very good. It does consume a lot of memory though during concurrent testing. However, I have read that added monitoring tools have been added, which if so the 7 could possibly go to a 8 or 9.
