Try our new research platform with insights from 80,000+ expert users
Invicti Logo

Invicti pros and cons

Vendor: Invicti
4.1 out of 5
Leave a review

Pros & Cons summary

Invicti offers exceptional scanning capabilities with a unique crawling feature, maintaining network efficiency and enhancing CI/CD pipeline integration for proactive vulnerability detection. It excels in accuracy, reduces false positives, and verifies vulnerabilities, though reporting capabilities and support require improvement. Challenges include costly URL-based licensing, difficulty in highlighting high-level vulnerabilities, limited multi-factor authentication support, and lengthy scanning times compared to other DAST tools, necessitating usability enhancements for tech buyers.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Invicti excels in scanning capabilities and offers a unique crawling feature compared to other similar scanners.
Its scanning process does not heavily impact network resources, allowing seamless operation.
Invicti demonstrates a high level of accuracy and a quick scanning process, making it a reliable tool for vulnerability identification.
The platform integrates effectively with CI/CD pipelines, enhancing proactive vulnerability detection during deployment or code push.
Invicti stands out in reducing false positives and verifying vulnerabilities, significantly improving security testing efficiency.

CONS

Invicti's reporting capabilities require improvement for more comprehensive and user-friendly options.
The higher-level vulnerabilities, such as Cross-Site Scripting and SQL Injection, are challenging to highlight.
Licensing is tied to URLs, which proves costly and restrictive, especially for scanning different domains.
The scanning time is lengthy compared to other DAST tools, which affects usability.
Support, documentation, and multi-factor authentication support need enhancement.
 

Invicti Pros review quotes

it_user696993 - PeerSpot reviewer
it_user696993
Senior Information Security Consultant at a tech services company
Jul 5, 2017
Its ability to crawl a web application is quite different than another similar scanner.
Read full review
it_user700140 - PeerSpot reviewer
it_user700140
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Dec 11, 2017
The scanner is light on the network and does not impact the network when scans are running.
Read full review
it_user701418 - PeerSpot reviewer
it_user701418
Security Analyst with 1,001-5,000 employees
Jul 12, 2017
The scanner and the result generator are valuable features for us.
Read full review
Buyer's Guide
Invicti
December 2025
Free Report: Invicti Reviews and More
Learn what your peers think about Invicti. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
879,310 professionals have used our research since 2012.
it_user702261 - PeerSpot reviewer
it_user702261
Manager Compliance - Processes / InfoSec. at a tech services company with 201-500 employees
Jul 13, 2017
Scan, proxify the application, and then detailed report along with evidence and remediations to problems.
Read full review
it_user494973 - PeerSpot reviewer
it_user494973
Software Quality Assurance Engineer at ITONICS GmbH
Dec 18, 2017
When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done.
Read full review
NY
Nur Yesilyurt
Attack Developer at a tech vendor
Aug 31, 2018
Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface.
Read full review
IB
Ivan Biagi
Security Specialist at Alfa-A IT
Jul 10, 2019
It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites.
Read full review
PD
Paolo Da Ros
Founder at a tech services company with self employed
Aug 21, 2019
One of the features I like about this program is the low number of false positives and the support it offers.
Read full review
it_user1188708 - PeerSpot reviewer
it_user1188708
Senior Quality Control Manager at a insurance company with 51-200 employees
Nov 14, 2019
The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports.
Read full review
reviewer1286490 - PeerSpot reviewer
reviewer1286490
Consultant Cyber Security at a tech services company with 51-200 employees
Oct 4, 2020
This tool is really fast and the information that they provide on vulnerabilities is pretty good.
Read full review
Show 10 more reviews (out of 24)
 

Invicti Cons review quotes

it_user696993 - PeerSpot reviewer
it_user696993
Senior Information Security Consultant at a tech services company
Jul 5, 2017
Maybe the ability to make a good reporting format is needed.
Read full review
it_user700140 - PeerSpot reviewer
it_user700140
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Dec 11, 2017
The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker.
Read full review
it_user701418 - PeerSpot reviewer
it_user701418
Security Analyst with 1,001-5,000 employees
Jul 12, 2017
The support's response time could be faster since we are in different time zones.
Read full review
Buyer's Guide
Invicti
December 2025
Free Report: Invicti Reviews and More
Learn what your peers think about Invicti. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
879,310 professionals have used our research since 2012.
it_user702261 - PeerSpot reviewer
it_user702261
Manager Compliance - Processes / InfoSec. at a tech services company with 201-500 employees
Jul 13, 2017
I think that it freezes without any specific reason at times. This needs to be looked into.
Read full review
it_user494973 - PeerSpot reviewer
it_user494973
Software Quality Assurance Engineer at ITONICS GmbH
Dec 18, 2017
It would be better for listing and attacking Java-based web applications to exploit vulnerabilities.
Read full review
NY
Nur Yesilyurt
Attack Developer at a tech vendor
Aug 31, 2018
The custom attack preparation screen might be improved.
Read full review
IB
Ivan Biagi
Security Specialist at Alfa-A IT
Jul 10, 2019
The scanner itself should be improved because it is a little bit slow.
Read full review
PD
Paolo Da Ros
Founder at a tech services company with self employed
Aug 21, 2019
Netsparker doesn't provide the source code of the static application security testing.
Read full review
it_user1188708 - PeerSpot reviewer
it_user1188708
Senior Quality Control Manager at a insurance company with 51-200 employees
Nov 14, 2019
The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them.
Read full review
reviewer1286490 - PeerSpot reviewer
reviewer1286490
Consultant Cyber Security at a tech services company with 51-200 employees
Oct 4, 2020
Right now, they are missing the static application security part, especially web application security.
Read full review
Show 10 more reviews (out of 24)

Product Categories

Product Categories
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
Container Security
Software Composition Analysis (SCA)
API Security
Application Security Posture Management (ASPM)

Popular Comparisons

Popular Comparisons
SonarQube vs Invicti Logo
SonarQube vs Invicti
Snyk vs Invicti Logo
Snyk vs Invicti
GitLab vs Invicti Logo
GitLab vs Invicti
Checkmarx One vs Invicti Logo
Checkmarx One vs Invicti
Veracode vs Invicti Logo
Veracode vs Invicti
Coverity Static vs Invicti Logo
Coverity Static vs Invicti
CrowdStrike Falcon Cloud Security vs Invicti Logo
CrowdStrike Falcon Cloud Security vs Invicti
OWASP Zap vs Invicti Logo
OWASP Zap vs Invicti
OpenText Core Application Security vs Invicti Logo
OpenText Core Application Security vs Invicti
Mend.io vs Invicti Logo
Mend.io vs Invicti
Acunetix vs Invicti Logo
Acunetix vs Invicti
PortSwigger Burp Suite Professional vs Invicti Logo
PortSwigger Burp Suite Professional vs Invicti
HCL AppScan vs Invicti Logo
HCL AppScan vs Invicti
Qualys Web Application Scanning vs Invicti Logo
Qualys Web Application Scanning vs Invicti
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
See all alternatives

Product Categories

Product Categories
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
Container Security
Software Composition Analysis (SCA)
API Security
Application Security Posture Management (ASPM)

Popular Comparisons

Popular Comparisons
SonarQube vs Invicti Logo
SonarQube vs Invicti
Snyk vs Invicti Logo
Snyk vs Invicti
GitLab vs Invicti Logo
GitLab vs Invicti
Checkmarx One vs Invicti Logo
Checkmarx One vs Invicti
Veracode vs Invicti Logo
Veracode vs Invicti
Coverity Static vs Invicti Logo
Coverity Static vs Invicti
CrowdStrike Falcon Cloud Security vs Invicti Logo
CrowdStrike Falcon Cloud Security vs Invicti
OWASP Zap vs Invicti Logo
OWASP Zap vs Invicti
OpenText Core Application Security vs Invicti Logo
OpenText Core Application Security vs Invicti
Mend.io vs Invicti Logo
Mend.io vs Invicti
Acunetix vs Invicti Logo
Acunetix vs Invicti
PortSwigger Burp Suite Professional vs Invicti Logo
PortSwigger Burp Suite Professional vs Invicti
HCL AppScan vs Invicti Logo
HCL AppScan vs Invicti
Qualys Web Application Scanning vs Invicti Logo
Qualys Web Application Scanning vs Invicti
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
See all alternatives
Related questions
  • 9
When evaluating Dynamic Application Security Testing (DAST), what aspect do you think is the most important to look for?
  • 14
Why is Dynamic Application Security Testing (DAST) important for companies?