About Invicti

Invicti, formerly Netsparker, web application security solution automatically identifies XSS (cross-site scripting), SQL Injection, and various other vulnerabilities and security flaws in all modern and legacy websites, web applications, and web services. PoCs (proof of concepts) are produced to ensure they are not false positives, eliminating the need for users to double-check vulnerabilities. Invicti finds and reports on every type of web application, regardless of the platform or technology they were built with.

Invicti offers built-in enterprise workflow tools that allow users to scan from 500 to 1000+ web applications at once. Users can configure every detail of the security scan including attack options, scan policies, HTTP options, authentication options, URL rewrite rules, and more. The solution's web service-based REST API allows users to remotely trigger web vulnerability scans anywhere, and anytime. Organizations can also integrate automated security scans in their development environment, and launch vulnerability scans throughout all stages of the software development lifecycle.

Invicti enables administrators to add multiple team members as users and assign specific access privileges, allowing them to collaborate and share their findings with the entire team. The dashboard allows users to keep track of the security of each web application at a glance, with correlated trending reports to help users monitor the productivity and quality of work done by developers.

Invicti is the only end-to-end web application security solution that lets you scale and automate your web security program. The world's largest companies trust Invicti with their web application security.


Key benefits of Invicti

  • Invicti utilizes unique proof-based technology to automatically verify that the identified vulnerabilities are real, and no false positives.

  • The solution's built-in workflows and automation tools allow organizations to scale up their web application security efforts and scan hundreds of websites at once.

  • Invicti’s asset discovery service locates all the websites, applications, services, and APIs that
    need to be scanned. With the Technologies feature, you can also find and list the technologies used in web applications,
    identify out-of-date versions, & track technology update status. Scan any type of web application regardless of the technology it was built with and find vulnerabilities in Web 2.0, HTML5, and single-page web applications with Invicti.

  • Remotely trigger hundreds of web vulnerability scans from anywhere and anytime with Invicti Cloud's web service-based REST API.

  • The security dashboard enables users to monitor the state of security of all web apps alongside trending reports which help keep track of the productivity and quality of work by developers.

  • Images

    Invicti Software - Trending and other graphs allow users to get a quick overview of the security state of all the websites being scanned by Invicti Cloud
    Invicti Software - The trend matrix report provides information on when a vulnerability was identified the first time, when it was fixed, or when it was reintroduced on the website
    Invicti Software - Configure and execute web application security scans without a complex learning exercise
    Invicti Software - Configure every single aspect of the web security scan such as attack options, crawling settings, URL rewrite rules, authentication, HTTP connection options and anything else in the scan policy
    Invicti Software - Configure a scan policy for each group of websites
    Invicti Software - Invite all the other team members to join and access the same account for team collaboration
    Invicti Software - Get an overview of tasks and see which were assigned to which team member
    Invicti Software - Invicti Cloud technical report
    Invicti Software - Proof of exploit report
    View 10 more
    Invicti video
    Invicti Software - Trending and other graphs allow users to get a quick overview of the security state of all the websites being scanned by Invicti Cloud
    Invicti Software - The trend matrix report provides information on when a vulnerability was identified the first time, when it was fixed, or when it was reintroduced on the website
    Invicti Software - Configure and execute web application security scans without a complex learning exercise
    Invicti Software - Configure every single aspect of the web security scan such as attack options, crawling settings, URL rewrite rules, authentication, HTTP connection options and anything else in the scan policy
    Invicti Software - Configure a scan policy for each group of websites
    Invicti Software - Invite all the other team members to join and access the same account for team collaboration
    Invicti Software - Get an overview of tasks and see which were assigned to which team member
    Invicti Software - Invicti Cloud technical report
    Invicti Software - Proof of exploit report

    Not sure about Invicti? Compare with a popular alternative

    Invicti

    4,7 (18)
    VS.
    Highly reviewed

    Starting Price

    US$5 994,00
    year
    US$4 800,00
    month

    Pricing Options

    Free version
    Free trial
    Free version
    Free trial

    Features

    45
    89

    Integrations

    31
    10

    Ease of Use

    4,3 (18)
    4,9 (19)

    Value for Money

    4,2 (18)
    5,0 (19)

    Customer Service

    4,6 (18)
    5,0 (19)
    Green rating bars show the winning product based on the average rating and number of reviews.

    Alternatives

    vRx

    4,9
    #1 Alternative to Invicti
    Efficiently Reduce Organizational Security Risk with vRx's leading vulnerability management platform that provides an...

    Acunetix

    4,4
    #2 Alternative to Invicti
    Acunetix (by Invicti) is a cyber security solution offering automatic web security testing technology that enables...

    SilverSky Managed Security Services

    4,7
    #3 Alternative to Invicti
    SilverSky Managed Security Services is a cloud-based cybersecurity platform that helps businesses monitor firewalls and...

    EcoTrust

    4,9
    #4 Alternative to Invicti
    EcoTrust introduces an innovative CAASM platform that redefines cybersecurity by focusing on prioritizing critical...

    Reviews

    Overall rating

    4,7 /5
    (18)
    Value for Money
    4,2/5
    Features
    4,4/5
    Ease of Use
    4,3/5
    Customer Support
    4,6/5

    Already have Invicti?

    Software buyers need your help! Product reviews help the rest of us make great decisions.

    Showing 5 reviews of 18
    Valliappan
    Overall rating
    • Industry: Information Services
    • Company size: 51–200 Employees
    • Used Weekly for 1+ year
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 7.0 /10

    NetSparker - Security Vulnerabilty Scanning Tool and Helper

    Reviewed on 2021/05/04

    Netsparker is comparatively cheaper, and you can bargain i believe, compare to other tools like...

    Netsparker is comparatively cheaper, and you can bargain i believe, compare to other tools like Accunetix etc. We compare a couple of them and decided this.

    Pros

    This tool has both web and desktop versions, with some licensing limitations. It scans your website, for issues and reports the issues and ways to fix them, online can leave it to run from cloud and do your work.

    Their pricing is not that high.

    Cons

    The desktop version when run on your system, it slows down everything in your system, so better to use the cloud base one. But these two versions have some difference i think. But overall we were happier with the package, but later as we did not need much, we did not renew it further.

    Gianluca
    Overall rating
    • Industry: Information Technology & Services
    • Company size: 11–50 Employees
    • Used Weekly for 1+ year
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 9.0 /10

    Best software for Web Application Vulnerability Management

    Reviewed on 2019/06/10

    I use Netsparker as a Consultant for my clients. I'm very satisfied about the product and how this...

    I use Netsparker as a Consultant for my clients. I'm very satisfied about the product and how this software help our client to check the security level of the web applications. We also help our clients to build a remediation plan (through the report of Netsparker is very easy and quick perform that task) and through Netsparker checks that all the remediations implemented are in place

    Pros

    I like Netsparker because is very easy to use, but at the same time has a lot of options that allow an expert user to customize the level of scanning. Also make authenticated scan is very easy (several options are available). Report templates are different and cover all your needs.

    Cons

    When do concurrent scans it consumes a lot of resources.

    Alternatives Considered

    Acunetix

    Reasons for Choosing Invicti

    Because there are a lot of false positive in the scans.

    Reasons for Switching to Invicti

    I made a trial and compare the results of the different products and Netspaker was the more effective, easy to use and with better reports.

    Response from Invicti

    Thank you for your review of Netsparker, this is much appreciated. We are glad to hear the software satisfies your and your clients' needs.

    Verified Reviewer
    Overall rating
    • Industry: Research
    • Company size: 1 001–5 000 Employees
    • Used Daily for 1+ year
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 2.0 /10

    Too much money for a third rate product

    Reviewed on 2018/09/12

    We are required to run weekly vulnerability scans on many of our production websites and we try to...

    We are required to run weekly vulnerability scans on many of our production websites and we try to use Netsparker to do these scans. We can schedule when the scans will run and they usually do run. The problem is, if the scan has a problem it must be canceled, otherwise it will never finish and no report will ever be generated.

    Pros

    Netsparker comes with an automation API so it is possible to include it as part of a Continuous Integration / Continuous Deployment (CI/CD) system. It usually works but not always.

    Cons

    There is almost no documentation about how to use the product. You are expected to open a support ticket and ask how to do some of simplest things and it usually take a day to get a response back from support. Often the response is, "We don't support that", or "We don't have a sample that does that". I one time asked for .Net Framework sample code to pull a report from Netsparker and the answer I got was "Go toe the GUI and select these buttons. The report will download." The problem was I needed to download the reports problematically. Other times I asked for .Net samples and was given Python code. They are the same, correct?

    Response from Invicti

    Hello,

    Thank you for your feedback.

    I am sorry to hear you have encountered such issues. Rest assured that this is not the norm, hence why I am personally reaching out to you.

    We do have extensive product documentation (https://www.netsparker.com/support/) and we pride ourselves on giving excellent product support, as can be seen by the many testimonials and case studies we have published.

    However sometimes things can go wrong. So can you please send me an email on [email protected] so I can personally look into this matter and iron out any issues there are, so you can benefit from our product.

    Looking forward to hearing from you.

    Mehmet ATA
    Technical Support Manager

    Patrick
    Overall rating
    • Industry: Internet
    • Company size: 2–10 Employees
    • Used Daily for 1+ year
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 10.0 /10

    Continuous vulnerability scanning

    Reviewed on 2019/02/26

    Stands out in the space as being one of the easier to use tools.

    While OWASP ZAP is an excellent...

    Stands out in the space as being one of the easier to use tools.

    While OWASP ZAP is an excellent tool NetSparker takes the same principles to the next level and bundles it into an easy to use and highly valuable application security scanner SaaS!

    Pros

    UI is top-notch and easy to grok. It's highly efficient and customizable tool provide in depth reporting when you need it most. Support team is A+! Being able to generate multiple types of reports based on customer needs is quite useful.

    Cons

    Docs were a bit outdated or not easy to follow when we initially started using the product. Support has steadily been improving them and they look great now.

    Response from Invicti

    Thank you for your positive feedback. We are glad that Support documentation is improving.

    Chris
    Overall rating
    • Industry: Nonprofit Organization Management
    • Company size: 201–500 Employees
    • Used Daily for 2+ years
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 9.0 /10

    Web Application Scanning with Netsparker

    Reviewed on 2019/06/24

    My years of experience with Netsparker have been nothing but positive and I truly enjoy using this...

    My years of experience with Netsparker have been nothing but positive and I truly enjoy using this tool to assess our web applications.

    Pros

    The software is very easy to use yet has extreme amount of customization for scanning any web application.

    Cons

    Without an intimate knowledge of the capability of the tool, you may miss out on truly reaping its benefits in deep scanning of web applications.

    Showing 5 reviews of 18 Read all reviews

    Invicti FAQs

    Below are some frequently asked questions for Invicti.

    Invicti offers the following pricing plans:

    • Starting from: US$5 994,00/year
    • Pricing model: Subscription
    • Free Trial: Available

    Desktop licensing is per seat and Cloud licensing is per target website.

    Invicti has the following typical customers:

    Self Employed, 2–10, 11–50, 51–200, 201–500, 501–1 000, 1 001–5 000

    Invicti supports the following languages:

    English

    Invicti supports the following devices:

    Invicti integrates with the following applications:

    Asana, Azure Active Directory, BambooHR, Bitbucket, Bugzilla, CircleCI, Cloudflare, FogBugz, Freshservice, GitHub, GitLab, HashiCorp Consul, Jenkins, Jira, Mattermost, Microsoft Teams, Okta, PagerDuty, PingFederate, Pivotal Tracker, Redmine, ServiceNow, Shortcut, Slack, TeamCity, Travis CI, Trello, Unfuddle STACK, UrbanCode Velocity, YouTrack, Zapier

    Invicti offers the following support options:

    Email/Help Desk, Knowledge Base, Phone Support, Chat

    Related categories

    See all software categories found for Invicti.