Invicti Reviews

Name: Invicti
Brand: Invicti
Rating: 4 (27 reviews)

4.1 out of 5

27 reviews
96% willing to recommend

945 followers

What is Invicti?

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Get the Invicti Buyer's Guide and find out what your peers are saying about Invicti, SonarQube Server (formerly SonarQube), Veracode and more!

Invicti is the #3 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #5 ranked solution in API Security Solutions, and #14 ranked solution in AST tools. PeerSpot users give Invicti an average rating of 8.2 out of 10. Invicti is most commonly compared to SonarQube Server (formerly SonarQube): Invicti vs SonarQube Server (formerly SonarQube). Invicti is popular among the midsize enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a educational organization, accounting for 55% of all views.

Helped 814,649 peers since 2012

Featured reviews

Akshay Waghmare

Manager at Deloitte

We use Invicti for dynamic application security testing and to integrate files into the pipeline The most valuable feature of Invicti is getting baseline scanning and incremental scan. The solution's false positive analysis and vulnerability analysis libraries could be improved. I have been…

Read full review

Amr Abdelnaser

Senior Information Security Analyst at EastNets Holding Ltd.

We use this solution to initialize our applications before releasing them to our clients. The first step is deploying our application and scanning it using Invicti. We configure the scanner for our application’s specific server issues, types, and language. After the scan is complete, Invicti will…

Read full review

Vishal Dhamke

Vice President Application Security North America at BNP Paribas

The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support.

Read full review

Invicti mindshare

Product category:

As of November 2024, the mindshare of Invicti in the Dynamic Application Security Testing (DAST) category stands at 16.2%, up from 14.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST)

Key learnings from peers

Last updated Oct 8, 2024

Valuable Features

Invicti excels in vulnerability detection and verification with proof-based scanning, reducing false positives. Its web crawler offers detailed site mapping and vulnerability categorization. Users value API testing, security scanning, and ease of use. The dashboard and reporting are efficient, providing tech stack insights and comprehensive results. Integration with CI/CD and customizable security checks enhance flexibility. Invicti's advanced engine supports baseline scanning, incremental scan, SSL injection detection, access vulnerabilities, and robust authentication options.

"It has very good integration with the CI/CD pipeline."
"The platform is stable."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."

Room for Improvement

Invicti often experiences slow performance, especially with large applications, heavy CPU usage, and limited client support, particularly with DB2 databases and Java-based applications. Integration with single-sign-on and better reporting are needed. Authentication features and usability could be improved. Licensing is restrictive and costly. There is a demand for enhanced static application security, improved false positive analysis, and better support for APIs and data swap testing. Comprehensive documentation and support mechanism enhancements are also necessary.

"They need to improve their support in the documentation. Their support mechanism is missing. Their responsiveness, technical staff, and these types of things need to be improved, and comprehensive documentation is required. They should have good self-service portal enhancement"
"They could enhance the support for data swap testing for the platform."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."

Pricing

Enterprise buyers found Invicti's pricing to be competitive, noting that while the solution is best suited for larger companies, it may seem too costly for startups or medium-sized businesses. Users appreciated flexible, subscription-based pricing, citing costs starting from $5,000 to $10,000 for smaller businesses and upwards of $15,000 for enterprises. While Invicti efficiently covers basic to intermediate security needs, users indicated additional tools might be necessary for advanced analysis.

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

Popular Use Cases

Invicti is used primarily for automated web application security testing and identifying vulnerabilities like SQL injection, XSS, and authentication issues. Companies utilize it for penetration and vulnerability assessments, helping with compliance and risk prioritization. It integrates into testing environments, supports dynamic application security testing, and is essential for securing web applications, APIs, and endpoints. Firms leverage its capability to generate comprehensive reports, facilitating robust security practices across various industries, including the financial sector.

Service and Support

Invicti's customer service is highly rated with many praising their professionalism and promptness in handling queries. Users found technical support responsive and helpful, often providing timely solutions and regular updates. They offer various resources, like wikis, videos, and active Google groups, ensuring comprehensive support. Language support varies; some noted issues with local language proficiency. While generally satisfied, a few found support reliability inconsistent in solving problems. Different regions may experience varying levels of customer service.

Deployment

Users find Invicti's initial setup straightforward and easy. Installation is typically smooth, giving flexibility with cloud and on-premises options. While most face no issues, a few mention minor obstacles with LDAP login or browser authentication. Deployment time varies from a few hours to a couple of days, influenced by the environment, number of agents, and server authentication. Many appreciate the availability of resources like YouTube videos and online content for guidance.

Scalability

Invicti proves to be highly scalable with its architecture supporting multiple instances, garnering positive feedback for scalability across different platforms. Some users note occasional performance slowdowns with large applications, but overall feedback highlights its ability to handle increasing usage effectively. Many rate it highly for scalability. Although speed may sometimes be a trade-off for accuracy, it accommodates several users and supports network restrictions, showcasing scalability for varied environments and user bases.

Stability

Users report Invicti as stable, with most experiencing no crashes or issues. Some notice high resource usage, which can slow other processes. Early versions had scanning delays, now improved. Invicti performs consistently, handling large applications well, though occasionally stops without major problems. Regular updates maintain performance. Many rate Invicti’s stability highly, with no bugs or glitches. Stability is rated around eight out of ten, according to feedback.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Invicti Buyer's Guide for additional reliable information.