Invicti Reviews

Name: Invicti
Brand: Invicti
Rating: 4.1 (30 reviews)

4.1 out of 5

30 reviews
96% willing to recommend

What is Invicti?

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Get the Invicti Buyer's Guide and find out what your peers are saying about Invicti, SonarQube Server (formerly SonarQube), Snyk and more!

Invicti is the #5 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #7 ranked solution in API Security Solutions, and #14 ranked solution in AST tools. PeerSpot users give Invicti an average rating of 8.2 out of 10. Invicti is most commonly compared to SonarQube Server (formerly SonarQube): Invicti vs SonarQube Server (formerly SonarQube). Invicti is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.

Helped 864,155 peers since 2012

Featured Invicti reviews

Kunal M

Capability Center Leader, ETRM Platforms at Shell

Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Read full review

JanetMuhia

Cyber Security Engineer at Spartec

From my experience, Invicti is an exceptionally stable solution for web application security. Here's what stands out: * Consistent Performance: Over the three years we’ve used it, the solution has demonstrated reliable and consistent performance, even during large-scale scanning operations. * Minimal Downtime: I have not encountered significant downtime or disruptions while using Invicti, which is critical for security tools that organizations rely on continuously. * Robust Architecture: Its ability to handle complex scanning tasks without crashes or lag reflects its well-engineered platform. * Regular Updates: Invicti frequently releases updates and patches, which enhance functionality and address any stability concerns proactively. Rating : I would confidently rate Invicti’s stability at 9.5 out of 10. It ensures uninterrupted operations and supports high-performance demands, which are essential for enterprise environments.

Read full review

Valavan Sivgalingam

Senior Manager, Security Engineering at ESS

It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.

Read full review

Invicti mindshare

Product category:

As of August 2025, the mindshare of Invicti in the Dynamic Application Security Testing (DAST) category stands at 12.3%, up from 11.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST)

PeerResearch reports based on Invicti reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Aug 1, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 1, 2025	Download
Comparison	Invicti vs HCL AppScan	Aug 1, 2025	Download
Comparison	Invicti vs Rapid7 InsightAppSec	Aug 1, 2025	Download
Comparison	Invicti vs OpenText Dynamic Application Security Testing	Aug 1, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	N/A	81%	116 interviews Add to research
Snyk	4.0	N/A	100%	48 interviews Add to research

Valuable Features

Invicti's most valuable features include its comprehensive scanning engine, which detects a wide range of vulnerabilities. The proof-based scanning technology stands out due to its accuracy and low false positive rate. Its user-friendly interface simplifies analysis. Security data integration with other tools enhances management. Its scalability supports extensive web application assessments. Invicti integrates well with DevOps, offers audit recommendations, and ensures proactive scanning in new environments, aiding developers in prioritizing efforts.

"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
"I would rate the stability as ten out of ten."

Room for Improvement

Invicti experiences slow performance and high CPU usage, especially with large applications, leading to longer scanning times. There is a need for better reporting formats and improved support for databases like DB2. Users find the licensing model expensive and restrictive. Integration with single-sign-on and multi-factor authentication is lacking. Enhanced vulnerability analysis and better documentation are needed, alongside improvements in UI and support responsiveness. Portfolio-level insights into vulnerability remediation are also missing.

"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
"Invicti's reporting capabilities need enhancement."
"Currently, there is nothing I would like to improve."

Pricing

Invicti's pricing is generally viewed as high, primarily suited for large enterprises, with flexible licensing options available. Subscription-based costs range from $5,000 to $10,000 for small businesses, and up to $15,000 or more for enterprise solutions. While competitive in the security market, many indicate additional tools might be necessary for advanced analyses, implying further expenses. Licensing is typically within budget limits for those who purchase, reflecting a well-regarded balance between cost and capability.

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

Popular Use Cases

Users primarily utilize Invicti for automated web application security testing, vulnerability assessment, and penetration testing. It assists in identifying major vulnerabilities, ensuring compliance with regulations like PCI DSS and GDPR, and supports code scans to detect and remediate open vulnerabilities. Invicti's capabilities include dynamic application security testing, API testing, and integrating with development pipelines. Users benefit from its ability to generate detailed reports, map web application attack surfaces, and prioritize risk management strategies.

Service and Support

Communication with Invicti users rates highly, with customers giving scores of 9 and 10 out of 10 for professionalism and responsiveness. Technical support is praised for prompt responses, helpfulness, and language support, though occasional issues exist. Resources include wikis, YouTube, and active Google groups. Many note efficient issue resolution and high satisfaction levels. Some engage local partners, maintaining satisfactory experiences, while a few find reliability lacking. Overall, customers view both support and service favorably.

Deployment

Many users found Invicti's initial setup straightforward and easy, facilitated by its clear instructions and user-friendly installer. The comprehensive documentation proved beneficial, especially for advanced configurations. Installation was efficient for both cloud and on-premise options, although enterprise environments required additional adjustments. Proxy and authentication setups needed extra attention but were manageable. Despite minor complexities, users appreciated the streamlined process and thorough resources provided, aiding seamless deployment and integration with existing systems.

Scalability

Invicti is generally perceived as a highly scalable option, particularly praised for handling large-scale web applications and modular architecture. The majority experience few issues, though some mention occasional sluggishness with large applications. Users often give it a high scalability rating, appreciating its adaptability across various environments. Rapid deployments and effective performance make it appealing for expanding businesses. Users appreciate its capabilities, though improvements like integrated reporting could enhance satisfaction further.

Stability

Invicti exhibits strong stability according to users. Commonly praised for consistent performance, minimal downtime, and robust architecture, it handles complex tasks well and remains steady during operations. Frequent updates enhance its reliability. Users noted occasional high resource consumption, impacting other processes. No significant bugs, glitches, or crashes are reported, and ratings are high, often scoring around 8 or more on stability. Some users mentioned a single instance of downtime within an extended period.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Invicti Buyer's Guide for additional reliable information.