Invicti Reviews

Name: Invicti
Brand: Invicti
Rating: 4.1 (31 reviews)

Vendor: Invicti

4.1 out of 5

31 reviews
96% willing to recommend

Leave a review

What is Invicti?

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Get the Invicti Buyer's Guide and find out what your peers are saying about Invicti, SonarQube, Snyk and more!

Invicti is the #5 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #6 ranked solution in top Application Security Posture Management (ASPM) solutions, #9 ranked solution in top Software Composition Analysis (SCA) solutions, #9 ranked solution in API Security Solutions, #11 ranked solution in AST tools, and #25 ranked solution in Container Security Solutions. PeerSpot users give Invicti an average rating of 8.2 out of 10. Invicti is most commonly compared to SonarQube: Invicti vs SonarQube. Invicti is popular among the large enterprise segment, accounting for 51% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 17% of all views.

Helped 879,259 peers since 2012

Featured Invicti reviews

Valavan Sivgalingam

Senior Manager, Security Engineering at ESS

It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.

Read full review

PrashantUppuluri

Solution Architect at a tech services company with 51-200 employees

A good scanning engine is what I appreciate about Invicti. When you want to find out the vulnerabilities within your web applications, Invicti has done a thorough job with respect to filtering out the vulnerabilities and identifying the risk factors with respect to the security modules within the solution. Invicti does have a segment of the solution which works on the automated scanning engine. As long as the license is active, the scanners that work within the solution are pretty effective. With respect to SAST and DAST, being a real-time scanning engine is one of the portfolios and one of the selling factors of the solution. Invicti is known to be a solution that works within the hybrid environment, be it cloud, on-premises, or a mix and match across multiple marketplaces. It does a thorough job. Most importantly, Invicti is a very good SAST and DAST solution that is very competitive in the market with respect to competitors. Invicti is a part of the Magic Quadrant with respect to Gartner's Magic Quadrant and has made a very good customer database and pipeline within the marketplace locally. With respect to security impacts in terms of support, Invicti is pretty much supportive. With respect to use cases or the POCs I have run on the solution, we have identified a couple of vulnerabilities and Invicti was able to trace them, detect, and quarantine the attacks.

Read full review

Kunal M

Capability Center Leader, ETRM Platforms at Shell

Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Read full review

Invicti mindshare

Product category:

As of December 2025, the mindshare of Invicti in the Dynamic Application Security Testing (DAST) category stands at 7.9%, up from 5.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST) Market Share Distribution
Product	Market Share (%)
Invicti	7.9%
Veracode	21.2%
Checkmarx One	18.0%
Other	52.9%

Dynamic Application Security Testing (DAST)

PeerResearch reports based on Invicti reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Dec 30, 2025	Download
Product	Reviews, tips, and advice from real users	Dec 30, 2025	Download
Comparison	Invicti vs Veracode	Dec 30, 2025	Download
Comparison	Invicti vs Checkmarx One	Dec 30, 2025	Download
Comparison	Invicti vs HCL AppScan	Dec 30, 2025	Download

Valuable Features

Invicti's most valuable features include comprehensive scanning, proof-based scanning, and robust vulnerability detection. It efficiently integrates with security tools for seamless management. Its user-friendly interface aids in vulnerability analysis and reduces false positives. Invicti excels in confirming vulnerabilities like SQL injection and cross-site scripting. Scalable for enterprises, it supports larger assessments without performance issues. The API testing and flexible authentication enhance testing across various applications, offering thorough protection and supporting proactive DevOps integration.

"Invicti has done a commendable job with respect to ROI, and with respect to being a cost-effective solution and one of the market leaders as an effective solution for SAST and DAST, Invicti has performed very well."
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."

Room for Improvement

Invicti users note slow scanning speed, particularly with large applications, impacting other program performance and increasing CPU usage. The interface is considered cluttered, and there are issues with proof of concept verification during scans. Authentication features, multi-factor integration, and license flexibility need enhancement. Users seek better reporting options, broader vulnerability detection, and support for DB2 databases. SSO integration is lacking, and improved support documentation is requested. Pricing is considered high compared to competitors.

"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
"Invicti's reporting capabilities need enhancement."
"Currently, there is nothing I would like to improve."

Pricing

Invicti's pricing appeals to enterprise buyers seeking a flexible and competitive solution in the security market. While some report it as costly, especially for small to medium businesses, large enterprises find it aligns well with budget expectations. Offering per-user and per-year licensing models, the solution supports flexible options. Despite high costs for advanced features, Invicti remains competitive against alternatives like Acunetix and WebInspect. Setup and licensing generally fall within acceptable limits for most organizations.

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

Popular Use Cases

Invicti is primarily utilized for automated web application security testing, focusing on identifying vulnerabilities such as SQL injection, XSS, and CSRF. It supports continuous penetration testing, vulnerability assessment, and compliance with regulations like PCI DSS and GDPR. Users leverage it to scan and secure web applications, APIs, and endpoints, generating detailed reports and improving security measures. It offers dynamic and static security testing and facilitates vulnerability remediation and prioritization.

Service and Support

Invicti's customer service and support receive high praise for professionalism and responsiveness, with ratings often reaching 8 or 9 out of 10. Technical support is detailed, offering demos and resolving issues efficiently. There are occasional language challenges but generally praised for swift issue resolution through multiple channels, including emails, social media, and active Google groups. Regional support varies, engaging local partners effectively, while direct technical support remains prompt and thorough in addressing queries.

Deployment

Invicti's initial setup is described as straightforward and user-friendly, with clear instructions minimizing guesswork. Many highlight the ease of installation across different environments, whether cloud-based or on-premises. Comprehensive documentation aids in configuration and integration with other tools, streamlining the process. Some note that enterprise environments or advanced features require additional steps but find these manageable with provided guides. Users emphasize the simplicity and quick configuration, making Invicti accessible for varied technical backgrounds.

Scalability

Invicti demonstrates strong scalability, handling large-scale web applications effectively. Multiple users highlight its ability to run concurrent instances and its adaptability to various platforms. Some note trade-offs between speed and accuracy, while deployment on larger networks shows promising scalability. Ratings commonly range from eight to 9.5 out of ten, affirming its ability to meet growing organizational needs without major issues. Occasional performance slowdowns during heavy operations are mentioned, but are not widespread concerns.

Stability

Invicti demonstrates strong stability, handling complex scanning with minimal downtime. Many praised its consistent performance, rating it highly, often 8 to 10 out of 10. Users noted it as stable, with rare crashes, no significant issues, and efficient resource management. Frequent updates and a robust architecture enhance functionality. However, some mentioned it could slow other processes, especially during resource-intensive operations, but it remains highly reliable for web application security tasks.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Invicti Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	11
Midsize Enterprise	3
Large Enterprise	12

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	113
Midsize Enterprise	100
Large Enterprise	220

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

13%

Manufacturing Company

Government

Retailer

Educational Organization

Comms Service Provider

Legal Firm

University

Healthcare Company

Construction Company

Real Estate/Law Firm

Recreational Facilities/Services Company

Transportation Company

Energy/Utilities Company

Performing Arts

Insurance Company

Outsourcing Company

Wholesaler/Distributor

Security Firm

Consumer Goods Company

Leisure / Travel Company

Media Company

Non Tech Company

Wellness & Fitness Company

Non Profit

Hospitality Company

Logistics Company

Compare Invicti with alternative products

Learn more about Invicti

Invicti was previously known as Netsparker.

Invicti customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Title	Rating	Mindshare	Recommending
SonarQube	4.0	N/A	83%	134 interviews Add to research
Snyk	4.1	N/A	100%	50 interviews Add to research

Author info	Rating	Review Summary
Senior Manager, Security Engineering at ESS	4.0	I've used Invicti for over three years for web and API testing; it's reliable in identifying vulnerabilities, though scan performance needs improvement. Setup is easy, support is good, and it's well-suited to our SSDLC and technology stack.
Solution Architect at a tech services company with 51-200 employees	4.0	I've used Invicti for three years to secure web applications; it’s easy to deploy, scalable, and offers effective SAST and DAST scanning, with solid vulnerability detection and good support, especially for SMBs in hybrid environments.
Capability Center Leader, ETRM Platforms at Shell	4.0	I use Invicti for code scans to identify vulnerabilities and secrets, aiding our development teams in prioritizing tasks. Its proactive scanning is valuable, though its reporting needs improvement for enterprise-level insights. Invicti was my first such tool.
Cyber Security Engineer at Spartec	5.0	I primarily use Netsparker for website scanning, appreciating its interactive interface and scalability for securing large-scale applications. Previously, I used Tenable.io but found Netsparker more engaging. There's currently nothing I wish to improve about it.
CEO at Xcelliti	3.5	We use Invicti for vulnerability testing, especially in fintech. It excels in proof-based scanning with minimal false positives, integrates well with CI/CD pipelines, and offers good scalability. However, improvements are needed in user interface, documentation, and support.
Presales Consultant at Cyberwise	4.0	We use Invicti to detect vulnerabilities and ensure compliance with regulations like PCI DSS and GDPR. Its proof-based scanning reduces false positives and saves time. However, the costly licensing, lengthy scan times, and need for more integrations are drawbacks.
Senior Manager, Security Engineering at ESS	4.0	I use Invicti primarily for web application and API testing. I find its API testing and false positive checks valuable, though improvements in scanning time and authentication features are needed. I also use Burp Suite and HCL AppScan for specific tasks.
Senior Information Security Analyst at EastNets Holding Ltd.	4.5	We use Invicti to initialize applications before client release, deploying and scanning for specific server issues, language, and vulnerabilities. Its strengths are confirming access and SSL injection vulnerabilities and connecting with other security tools. However, report specificity needs improvement.

Invicti Reviews

What is Invicti?

Featured Invicti reviews

Invicti mindshare

PeerResearch reports based on Invicti reviews

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Invicti with alternative products

Learn more about Invicti

Invicti customers

Related questions

Product Categories

Popular Comparisons