Invicti Reviews

Name: Invicti
Brand: Invicti
Rating: 4.1 (29 reviews)

Vendor: Invicti

4.1 out of 5

29 reviews
96% willing to recommend

941 followers

Start review

What is Invicti?

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Get the Invicti Buyer's Guide and find out what your peers are saying about Invicti, HCL AppScan, Fortify WebInspect and more!

Invicti is the #3 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #6 ranked solution in API Security Solutions, and #15 ranked solution in AST tools. PeerSpot users give Invicti an average rating of 8.2 out of 10. Invicti is most commonly compared to HCL AppScan: Invicti vs HCL AppScan. Invicti is popular among the midsize enterprise segment, accounting for 55% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a educational organization, accounting for 47% of all views.

Helped 849,686 peers since 2012

Featured Invicti reviews

Kunal M

Capability Center Leader, ETRM Platforms at Shell

Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Read full review

JanetMuhia

Cyber Security Engineer at Spartec

From my experience, Invicti is an exceptionally stable solution for web application security. Here's what stands out: * Consistent Performance: Over the three years we’ve used it, the solution has demonstrated reliable and consistent performance, even during large-scale scanning operations. * Minimal Downtime: I have not encountered significant downtime or disruptions while using Invicti, which is critical for security tools that organizations rely on continuously. * Robust Architecture: Its ability to handle complex scanning tasks without crashes or lag reflects its well-engineered platform. * Regular Updates: Invicti frequently releases updates and patches, which enhance functionality and address any stability concerns proactively. Rating : I would confidently rate Invicti’s stability at 9.5 out of 10. It ensures uninterrupted operations and supports high-performance demands, which are essential for enterprise environments.

Read full review

Amr Abdelnaser

Senior Information Security Analyst at EastNets Holding Ltd.

The Invicti is the scope application tool. The solution is installed on-premise but could be installed as a web version. Starting from the latest version, the web version could be used. They have a web application server. The deployment of the solution involves installing the EXE and configuring your machine.

Read full review

Invicti mindshare

Product category:

As of May 2025, the mindshare of Invicti in the Dynamic Application Security Testing (DAST) category stands at 13.9%, down from 14.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST)

PeerResearch reports based on Invicti reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	May 1, 2025	Download
Product	Reviews, tips, and advice from real users	May 1, 2025	Download
Comparison	Invicti vs HCL AppScan	May 1, 2025	Download
Comparison	Invicti vs Fortify WebInspect	May 1, 2025	Download
Comparison	Invicti vs Rapid7 InsightAppSec	May 1, 2025	Download

Title	Rating	Mindshare	Recommending
HCL AppScan	3.9	15.3%	83%	43 interviews Add to research
Fortify WebInspect	3.6	22.6%	82%	21 interviews Add to research

Valuable Features

Invicti's most valuable features include its comprehensive scanning engine, which detects a wide range of vulnerabilities. The proof-based scanning technology stands out due to its accuracy and low false positive rate. Its user-friendly interface simplifies analysis. Security data integration with other tools enhances management. Its scalability supports extensive web application assessments. Invicti integrates well with DevOps, offers audit recommendations, and ensures proactive scanning in new environments, aiding developers in prioritizing efforts.

"I would rate the stability as ten out of ten."
"Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment."
"Netsparker provides a more interactive interface that is more appealing."

Room for Improvement

Invicti experiences slow performance and high CPU usage, especially with large applications, leading to longer scanning times. There is a need for better reporting formats and improved support for databases like DB2. Users find the licensing model expensive and restrictive. Integration with single-sign-on and multi-factor authentication is lacking. Enhanced vulnerability analysis and better documentation are needed, alongside improvements in UI and support responsiveness. Portfolio-level insights into vulnerability remediation are also missing.

"Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
"Invicti's reporting capabilities need enhancement."
"Currently, there is nothing I would like to improve."

Pricing

Invicti's pricing is generally viewed as high, primarily suited for large enterprises, with flexible licensing options available. Subscription-based costs range from $5,000 to $10,000 for small businesses, and up to $15,000 or more for enterprise solutions. While competitive in the security market, many indicate additional tools might be necessary for advanced analyses, implying further expenses. Licensing is typically within budget limits for those who purchase, reflecting a well-regarded balance between cost and capability.

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

Popular Use Cases

Users primarily utilize Invicti for automated web application security testing, vulnerability assessment, and penetration testing. It assists in identifying major vulnerabilities, ensuring compliance with regulations like PCI DSS and GDPR, and supports code scans to detect and remediate open vulnerabilities. Invicti's capabilities include dynamic application security testing, API testing, and integrating with development pipelines. Users benefit from its ability to generate detailed reports, map web application attack surfaces, and prioritize risk management strategies.

Service and Support

Communication with Invicti users rates highly, with customers giving scores of 9 and 10 out of 10 for professionalism and responsiveness. Technical support is praised for prompt responses, helpfulness, and language support, though occasional issues exist. Resources include wikis, YouTube, and active Google groups. Many note efficient issue resolution and high satisfaction levels. Some engage local partners, maintaining satisfactory experiences, while a few find reliability lacking. Overall, customers view both support and service favorably.

Deployment

Many users found Invicti's initial setup straightforward and easy, facilitated by its clear instructions and user-friendly installer. The comprehensive documentation proved beneficial, especially for advanced configurations. Installation was efficient for both cloud and on-premise options, although enterprise environments required additional adjustments. Proxy and authentication setups needed extra attention but were manageable. Despite minor complexities, users appreciated the streamlined process and thorough resources provided, aiding seamless deployment and integration with existing systems.

Scalability

Invicti is generally perceived as a highly scalable option, particularly praised for handling large-scale web applications and modular architecture. The majority experience few issues, though some mention occasional sluggishness with large applications. Users often give it a high scalability rating, appreciating its adaptability across various environments. Rapid deployments and effective performance make it appealing for expanding businesses. Users appreciate its capabilities, though improvements like integrated reporting could enhance satisfaction further.

Stability

Invicti exhibits strong stability according to users. Commonly praised for consistent performance, minimal downtime, and robust architecture, it handles complex tasks well and remains steady during operations. Frequent updates enhance its reliability. Users noted occasional high resource consumption, impacting other processes. No significant bugs, glitches, or crashes are reported, and ratings are high, often scoring around 8 or more on stability. Some users mentioned a single instance of downtime within an extended period.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Invicti Buyer's Guide for additional reliable information.