Product Information on Invicti
About Company
Company Description
Formed through the combination of Netsparker, Acunetix, and Kondukto, Invicti Security provides an application security platform that unifies DAST, SAST, IAST, SCA, API security, secrets scanning, container security, and application security posture management (ASPM) to help enterprise organizations identify, prioritize, and remediate vulnerabilities across their application portfolio. The platform's proof-based scanning validates runtime vulnerabilities while ASPM capabilities correlate findings across security tools to eliminate false positives. AI-powered remediation provides contextual fix recommendations within developer workflows. Key capabilities include automated vulnerability discovery, intelligent risk prioritization, unified dashboard management, and CI/CD pipeline integration.
Invicti Likes & Dislikes
What really worked for us was the onboarding of the application and its accuracy. It is flagging vulnerabilities that matter, not just the bulk of false positives. This is saving time for my team as they don't have to investigate a wall of false positives. With the automated scans, I don't have to worry if something can get passed into production without proper review as it can capture those for us.
Nice and simple GUIs. Interesting integrations with WAFs and ticketing system. Apparently it grabs some nice findings.
1. Tool usability and features (like UI, reporting, RBAC, user management, customization etc.)
2. Integration support
3. Scans on legacy applications, Invicti is providing really good results.
4. POC of confirmed issues.
While Invicti does offer API scanning capabilities, it requires the manual onboarding of each individual API for testing, which is a time-consuming and cumbersome process, especially for large applications with numerous APIs. The capability to onboard already exists but it requires an API Management tool which adds an additional cost. If it could do a discovery on its own like it does for the Web, that would be a great addition to the feature list. In some cases, reporting of certain vulnerabilities may be delayed, potentially due to the time it takes for the database/reference source to be updated. More timely updates would be beneficial and help with faster reporting and response to critical vulnerabilities.
The internal agents were not mature enough to be sold as a product. Cloud solution is not currently allowing logins with MFA. Poor support - only was able to get good support after threats to renounce the contract.
As mentioned above, scanning for Single Page Applications should be improved and some integration failures.
Invicti Reviews and Ratings
- ASSOCIATE DIRECTOR - ARCHITECTURE, 50M-1B USD, Services (non-Government)
Invicti: A Dependable Tool for Web Security Assessments
We have been using Invicti for a few months now, mostly as part of our regular application security assessment. After using it against the real-life environment, I would say it is one of the dependable tools out there in the market. When it comes to identifying and reporting web-related vulnerabilities, I think it is doing a great job. One of the best parts is the ease of using its interface. Some security tools are hard to get into configuration and make it difficult to configure a scan, whereas Invicti feels more practical and efficient. It's easy to get started with, doesn't demand a ton of configuration upfront, and the learning curve is surprisingly simple if I compare it with other tools. We had a few cases where it was able to detect legit issues that were skipped in the manual testing and that is where it fulfils its promise. I wouldn't say there are no false positives, but the number of such instances is very limited. If someone is looking for deep insights into complex vulnerabilities that are not easy to find, the tool requires some further tuning as the vanilla scan might not capture that. Similarly, if you're doing a lot of single-page apps or dynamic content, you might want to spend a bit of time fine-tuning the scan settings. Overall, it's not a magic box but it does its job well.
- Senior Security Technical Lead, 1B-10B USD, IT Services
Invicti: A Powerful Scanning Tool with Room for Improvement
Invicti is a powerful, dynamic application security scanning tool. The tool is easy to use. It provides really good results in legacy applications; however, for single page applications (SPA), there is still a chance of improvements in terms of coverage and issue findings. It provides a wide range of integration support, which helps with DevOps by allowing security testing to be directly integrated into deployments. Jira integration custom fields are not supported, which the tool should provide. The import file size limit needs improvement; currently, 10MB is insufficient. Additionally, the overall limit of 30MB for imported files is not being handled effectively by Invicti. We have faced a few instances where scans were in queue for more than 2-3 days due to shortage of available agents on the Invicti side. Invicti should provide an isolated environment for scanning and should not be impacted by other customers' scan backlog. Invicti sometimes has unexpected returns in API calls that result in CI/CD scan failures, so such instances should not occur again.
- DIRECTOR, ENGINEERING DEVSECOPS TOOLS, 1B-10B USD, Services (non-Government)
The Impact of Invicti DAST on Web Application Security
I have a positive experience with the Invicti DAST solution. The platform is intuitive and efficient, with robust scanning capabilities that reliably identify a wide range of vulnerabilities in web applications, including APIs.
- SYSTEMS ENGINEER MANAGER, 10B+ USD, Retail
Seamless Vetting and Sales Process for a Feature-Rich Product
The entire process of vetting the product features and the sales experience was smooth and easy.
- TECHNICAL SUPPORT, <50M USD, Miscellaneous
Invicti's Impact on Enhancing Web Application Scans for Compliance
Invicti helped us scan web applications and comply against PCI DSS and other compliances.



