We use Invicti for dynamic application security testing and to integrate files into the pipeline.
Manager at a consultancy with 10,001+ employees
A stable and user-friendly solution that can be used for dynamic application security testing
Pros and Cons
- "The most valuable feature of Invicti is getting baseline scanning and incremental scan."
- "The solution's false positive analysis and vulnerability analysis libraries could be improved."
What is our primary use case?
What is most valuable?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement?
The solution's false positive analysis and vulnerability analysis libraries could be improved.
For how long have I used the solution?
I have been using Invicti for a couple of years.
Buyer's Guide
Invicti
December 2024
Learn what your peers think about Invicti. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
Invicti is a stable solution with no bugs or breakdowns.
What do I think about the scalability of the solution?
Invicti is a scalable solution. Around 18 users are using the solution in our organization.
How are customer service and support?
We regularly contact Invicti's technical support when we face issues. The solution's technical support team is not reliable enough to provide us with solutions.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used a different solution called AppScan Standard. We switched to Invicti because Gartner has a good rating for Invicti, and Invicti has a good vulnerability analysis compared to AppScan Standard.
How was the initial setup?
Invicti's initial setup is average and neither easy nor complex.
What other advice do I have?
Invicti is the best user-friendly tool for dynamic application security testing (DAST) compared to other solutions.
Overall, I rate Invicti a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Product Security Architect at a tech services company with 51-200 employees
A stable solution that can be used for web application security and API testing
Pros and Cons
- "Invicti is a good product, and its API testing is also good."
- "The scanning time, complexity, and authentication features of Invicti could be improved."
What is our primary use case?
We use Invicti for web application security, web application ping test, API testing, and endpoint testing like SoapUI testing.
What is most valuable?
Invicti is a good product, and its API testing is also good. The product is really good and gets into false positive checks and proof of concept checks.
What needs improvement?
The scanning time, complexity, and authentication features of Invicti could be improved.
For how long have I used the solution?
We have been using Invicti for the last five years as a customer.
What do I think about the stability of the solution?
Invicti is a very stable product, and we don’t have any issues.
What do I think about the scalability of the solution?
Invicti is a scalable solution.
We have a different model where our security team manages the solution, and we don't give it to developers. We are a small to medium enterprise.
How are customer service and support?
We don't have any issues because Invicti's support was really good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Depending on the use cases I've used, HCL AppScan and Burp Suite. It depends on the use case and the user's knowledge. All these products are based on the user's knowledge.
I usually use Invicti for official purposes, but in certain cases, we use Burp Suite for doing a ping test-related activity.
How was the initial setup?
From my end, it was easy to install the solution. I haven't seen any problems with installing Invicti.
What about the implementation team?
The installation depends on the scans we perform. A typical scan will take only a day. I am talking about configuration and not about the scans.
Maintenance is not a major issue. We have good support from Invicti to help us maintain the solution.
What other advice do I have?
If you use a good VAS solution, you can go for a lighter web application test. Invicti is a really good product when the web solution is SaaS-oriented and complex in nature. For any false positives, they do a proof of concept and then share the records with us, and that true positive summary would be really good.
Overall, I rate Invicti an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Invicti
December 2024
Learn what your peers think about Invicti. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Senior System Administrator at a tech vendor with 10,001+ employees
Excellent solution for identifying and verifying vulnerabilities
Pros and Cons
- "Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
- "Invicti takes too long with big applications, and there are issues with the login portal."
What is our primary use case?
I primarily use Invicti for onboarding on the performance side.
What is most valuable?
Invicti's best feature is the ability to identify vulnerabilities and manually verify them.
What needs improvement?
Invicti takes too long with big applications, and there are issues with the login portal.
For how long have I used the solution?
I've been using Invicti for four to five years.
What do I think about the stability of the solution?
Invicti sometimes stops working when dealing with large applications.
How was the initial setup?
The initial setup was easy.
What other advice do I have?
I would give Invicti a rating of nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Consultant at Verve Square Technologies
Great active and passive scanning, and reports are generated automatically
Pros and Cons
- "The solution generates reports automatically and quickly."
- "The scannings are not sufficiently updated."
What is our primary use case?
We use this product for vulnerability assessment and penetration testing of any web application in addition to API testing. The solution generates reports for us. I'm a security consultant and we are end-users.
What is most valuable?
The solution generates reports automatically and quickly and it's a very user-friendly product. I like the active and passive scanning, which is a good feature from my perspective.
What needs improvement?
I find that the scannings are not sufficiently updated.
For how long have I used the solution?
I've been using this solution for four years.
What do I think about the stability of the solution?
The stability is good, up to the mark.
What do I think about the scalability of the solution?
The scalability is good and we're likely going to increase usage of Netsparker.
How are customer service and support?
We contact technical support all the time and they are great. They resolve issues quickly and efficiently.
Which solution did I use previously and why did I switch?
We also use Burp Suite which is a UI-based tool that I also find to be user-friendly. We use both products so that in the case of false positives we can compare and verify.
How was the initial setup?
The initial setup is straightforward and the solution doesn't require any maintenance. We currently have 15 users and that number is likely to expand to around 20 in the near future.
What's my experience with pricing, setup cost, and licensing?
The pricing of the license is compatible with our budget.
What other advice do I have?
I highly recommend Netsparker and rate it eight out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Quality Assurance Specialist at a computer software company with 51-200 employees
Its web crawler introduced us to many security vulnerabilities and information we had not known before. Netsparker does not integrate SSO functionality.
What is most valuable?
- Simple, easy and straightforward to start.
- eader information is displayed in an easy to ready way which can be interpreted separately.
- Vulnerabilities categorization, along with the suggestions, is pretty helpful.
- Command line tool did seem interesting, but I couldn’t do much with it. It was a bit hard to learn its usage.
- Crawling websites is one of its best features.
NetSparker is a very easy to use and understand product. Its web crawler feature has benefitted us the most. And introduced us to many security vulnerabilities and information we had not known before. I really like how we can tune the number of concurrent sessions as well, which allows us to do some performance testing as well.
How has it helped my organization?
It covers basic-intermediate web attacks and presents the information in a very descriptive way. This enhances knowledge and also helps to identify which areas are lacking attention.
Other than that, it helps you start looking for the attack vectors and points of weakness.
What needs improvement?
Login functionality: Netsparker does not integrate single-sign-on functionality, which makes it very difficult to use for such websites. SSO has become an essential part of web security testing over the last few years. I would love to see this feature in new releases.
For how long have I used the solution?
I have been using it for ~6 months.
What do I think about the stability of the solution?
It is a resource-intensive program, and while it is running, other processes get very slow.
What do I think about the scalability of the solution?
I did not encounter any scalability issues.
Which solution did I use previously and why did I switch?
This was the starting point. We chose this because Troy Hunt (security advisor) had provided a positive and thorough review of this product on his blog.
We used this product along with some others (SkipFish, NMap, etc.) to fully test the security of our products.
How was the initial setup?
As I mentioned before, installing and using Netsparker is pretty easy compared to other products available.
What's my experience with pricing, setup cost, and licensing?
It is a good tool, as we found out with the Community Edition trial. But the price point is quite expensive for a startup or average-sized company.
Other than what I’ve written, it is a fine product but it cannot be used alone. It covers most of the basic-intermediate level attacks, which is really good as a starting point. But for the high-level and advanced analysis, other (similar) tools are needed, which is why I think its price point is very high.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Engineer at a computer software company with 11-50 employees
An automated application security testing tool with great technical support, but asset scanning could be better
Pros and Cons
- "I like that it's stable and technical support is great."
- "Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
What is most valuable?
I like that it's stable and technical support is great.
What needs improvement?
Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses.
For how long have I used the solution?
I have been working with Invicti for less than six months.
What do I think about the stability of the solution?
Invicti is a stable solution.
On a scale from one to ten, I would give stability an eight.
What do I think about the scalability of the solution?
I think Invicti is a scalable solution.
On a scale from one to ten, I would give scalability an eight.
How are customer service and support?
Technical support was great.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward. I deployed this solution in about two hours.
What about the implementation team?
I implemented this solution.
What's my experience with pricing, setup cost, and licensing?
Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great.
What other advice do I have?
On a scale from one to ten, I would give Invicti a six.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Senior Quality Control Manager at a insurance company with 51-200 employees
Great reporting review tool and very stable with an easy initial setup
Pros and Cons
- "The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
- "The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
What is our primary use case?
We're primarily used the solution as a proof of concept using it for assessing the security of one of our web applications.
What is most valuable?
The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports.
What needs improvement?
The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them.
For how long have I used the solution?
I've been using the solution for about two months.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
As I was only working on the demo version of the solution, I can't speak to how scalable it would be.
How are customer service and technical support?
The technical support team was very helpful. They offered me a demo before I started using the tool, and the demo was very impressive.
Which solution did I use previously and why did I switch?
We previously used a different tool, but it was also a demo, like Netsparker. We wanted to try Netsparker, so we moved to their demo.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
I handled the implementation myself.
Which other solutions did I evaluate?
I tried some different tools. Some of them were full versions whereas others were demo versions like Netsparker.
What other advice do I have?
We're using a demo of the latest version for a POC. We used the on-premises deployment model.
I'd recommend Netsparker for anyone who wants to make a security assessment for web applications.
I'd rate the solution nine out of ten. The tool is full of useful features. However, the intercepting reviews in terms of web requests need some enhancements to be more usable.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager Compliance - Processes / InfoSec. at a tech services company with 201-500 employees
Organizations thinking to implement it need a team of technical personnel onboard
Pros and Cons
- "Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
- "I think that it freezes without any specific reason at times. This needs to be looked into."
What is most valuable?
Scan, proxify the application, and then detailed report along with evidence and remediations to problems.
How has it helped my organization?
We are trying to integrate this product fully into our CI/CD Pipeline. Right now, the basic scan is done. More is being done currently.
What needs improvement?
I think that it freezes without any specific reason at times. This needs to be looked into.
The UI is a bit cluttered, but it's ok since the Application Security does look at many facets of the Application.
What do I think about the stability of the solution?
No. Not so far with the upgrades. It updates itself given it is network access and it has plugins too.
What do I think about the scalability of the solution?
We haven't scaled it up so I can't comment. But, we have plans.
How are customer service and technical support?
Quite high. They are scattered all over social. They have wikis, a website, YouTube videos. They don't have a blog, or I might not have come across it, but given the option of googling things around, they are documenting many things.
Plus, they have active Google groups, where their response time is around a day.
Which solution did I use previously and why did I switch?
For application security, we tried Netsparker, Accunetix, but this one has a free option and recommended Software from OWASP.
How was the initial setup?
Quite straightforward. We did have a detailed look at YouTube videos, and read the wiki.
In other words, we did our research thoroughly, as their content was online. So it was finding the right content at the right time.
What's my experience with pricing, setup cost, and licensing?
Being as this software is on an Open Source license, I would advise having a technical person on board, who knows how to handle this product.
OWASP Zap is free and it has live updates, so that's a big plus.
Organizations thinking to implement it need a team of technical personnel onboard.
Which other solutions did I evaluate?
We did try the commercial ones, but since OWASP is known as an authority in web application security, we opted for this software.
What other advice do I have?
Go right ahead. You need to have a technical person.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Invicti Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Dynamic Application Security Testing (DAST) Static Application Security Testing (SAST) API SecurityPopular Comparisons
HCL AppScan
Fortify WebInspect
Rapid7 InsightAppSec
WhiteHat Dynamic
Buyer's Guide
Download our free Invicti Report and get advice and tips from experienced pros
sharing their opinions.