Invicti Overview

Invicti is the #12 ranked solution in AST tools and the #14 ranked solution in application security tools. PeerSpot users give Invicti an average rating of 8 out of 10. Invicti is most commonly compared to OWASP Zap. Invicti is popular among the large enterprise segment, which accounts for 64% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 30% of all views.
Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: June 2022

What is Invicti?

Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead accurate Proof-Based scanning technology does not just report vulnerabilities, it also produces a Proof of Concept to confirm they are not false positives, freeing you from having to double check the identified vulnerabilities.

Invicti was previously known as Mavituna Netsparker.

Invicti Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Invicti Pricing Advice

What users are saying about Invicti pricing:
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

Invicti Reviews

Lead Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Top 5
A customizable security testing solution with good tech support, but the price could be better
Pros and Cons
  • "The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
  • "The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."

What is our primary use case?

We use Netsparker by Invicti to run tests for application security based on OWASP Top 10.

What is most valuable?

The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support.

What needs improvement?

The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license.  It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support.

For how long have I used the solution?

I have been using Netsparker by Invicti for about five years.

What do I think about the stability of the solution?

We haven't had any problems with stability.

What do I think about the scalability of the solution?

Scalability is simple because we are using it as a standalone application at the moment. It's installed in one of our testing environments. So, I cannot really comment about scalability. We have about three to five people using it at the moment.

How are customer service and support?

Tech support is really wonderful, and they are very helpful and prompt with responses as well. If we have some queries regarding macros, regarding the APIs, the customer support is really good, and they have good recommendations as well.

How was the initial setup?

The initial setup is straightforward. 

What's my experience with pricing, setup cost, and licensing?

Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license.

Which other solutions did I evaluate?

There are different products in the market for DAST like Micro Focus, IBM AppScan, Acunetix, and Burp Suite. All these products have their pros and cons. Netsparker is really good, and it has a vast variety for security checks, plugins, that could be used for finding vulnerabilities.

What other advice do I have?

I would tell potential users that it's really one of the best products in the market for web application security or Dynamic Application Security Testing (DAST). The licensing part is challenging, but they might get a good deal out of the Netsparker team. On a scale from one to ten, I would give Netsparker by Invicti a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Consultant Cyber Security at a tech services company with 51-200 employees
Consultant
Top 5
A fast solution that is easy to deploy, configure, and use
Pros and Cons
  • "I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
  • "They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

What is most valuable?

I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool.

It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy.

What needs improvement?

They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams.

It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one.

For how long have I used the solution?

We started to use Netsparker Web Application Security Scanner in February of this year. We are using its latest version.

What do I think about the stability of the solution?

It is pretty stable. 

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

We engage with the local partner and the distributor here for support. We are satisfied with the support here.

How was the initial setup?

The initial setup wasn't a problem for me. I have been using these security tools for a while now.

Which other solutions did I evaluate?

I also use Micro Focus Fortify. The difference is mainly in the UI. I haven't really got into the comparison between the output of the scans, but I was really impressed by the UI and the ease of use of Netsparker Web Application Security Scanner.

What other advice do I have?

I would recommend this solution. I haven't really researched other products, but for me, Netsparker Web Application Security Scanner is a benchmark right now.

I would rate Netsparker Web Application Security Scanner an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Consultant Cyber Security at a tech services company with 51-200 employees
Consultant
Top 5
A good interface that makes it easy to use, and the tool is really fast
Pros and Cons
  • "This tool is really fast and the information that they provide on vulnerabilities is pretty good."
  • "Right now, they are missing the static application security part, especially web application security."

What is our primary use case?

We are a consulting firm and we provide implementation and deployment of solutions to our customers.

What is most valuable?

I am very much impressed by the whole technology.

This tool is really fast and the information that they provide on vulnerabilities is pretty good.

The UI is good and it is really easy to use.

What needs improvement?

With respect to the algorithm that Netsparker is running, they don't really provide the proof of concept up to the level that we need, here in the organization. Specifically, because the tool is running the scan and exploiting the read-only version, it doesn't prove to the customer that the exploit is genuine. We have to perform this manually, but it is difficult to prove to the concerned team, whether it is the development team, the remediation team, or the security team.

Right now, they are missing the static application security part, especially web application security. If they can integrate a SaaS tool with their dynamic one then it would be really helpful.

For how long have I used the solution?

I have been working with Netsparker for several months.

What do I think about the stability of the solution?

We have not experienced any bugs or glitches, so it seems stable.

What do I think about the scalability of the solution?

Scalability-wise, it is pretty good.

How are customer service and technical support?

We have been engaged with the local partner and we get a good level of support.

Which solution did I use previously and why did I switch?

We also use Micro Focus Fortify and I have not had a chance to compare the scans, but I prefer the interface and ease of use with Netsparker. It is really easy to configure and deploy, as well as communicate this to the client.

How was the initial setup?

The initial setup was not a problem for me, as I have been using these security tools for a while.

What other advice do I have?

Overall, I am satisfied with Netsparker. However, I cannot say at this point that I would recommend it because although it is good, I will now be using it as a benchmark for evaluating other products.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
JoelGeorge - PeerSpot reviewer
Associate at Tata Consultancy
Real User
Top 5
A comprehensive solution for all of your security testing needs
Pros and Cons
  • "It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
  • "Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."

What is most valuable?

It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms.

What needs improvement?

Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product.

For how long have I used the solution?

I used this solution for around 16 months. We were using its latest version. 

It was a cloud deployment. It was an internal cloud. The company bought the cloud version and then hosted it internally.

What do I think about the stability of the solution?

It's good. I believe it went down only once in 16 months. It never had any other problem.

How are customer service and support?

Their support was good. They were quite prompt with their responses. When we had any issues, we reached out, and they did respond quickly.

How was the initial setup?

It was done by my company's IT team, and I was not involved in that.

What about the implementation team?

We basically had them implement it in-house for us. So, it was done in-house, but it was done by Netsparker's team. It was not done by our team.

In terms of maintenance, it was being managed by a team, but I don't know how many people were managing it in that team.

What other advice do I have?

It is a very good tool. It has an API segment that makes up for the lack of reporting options. You can execute commands on Netsparker by using your command-line interface. By using the API, you will be able to get the kind of information that you are looking for. It'll help you in getting the results that you want.

I would rate it an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PrashantPatil - PeerSpot reviewer
Senior Security Consultant at Verve Square Technologies
Consultant
Top 20
Great active and passive scanning, and reports are generated automatically
Pros and Cons
  • "The solution generates reports automatically and quickly."
  • "The scannings are not sufficiently updated."

What is our primary use case?

We use this product for vulnerability assessment and penetration testing of any web application in addition to API testing. The solution generates reports for us. I'm a security consultant and we are end-users. 

What is most valuable?

The solution generates reports automatically and quickly and it's a very user-friendly product. I like the active and passive scanning, which is a good feature from my perspective.

What needs improvement?

I find that the scannings are not sufficiently updated. 

For how long have I used the solution?

I've been using this solution for four years. 

What do I think about the stability of the solution?

The stability is good, up to the mark. 

What do I think about the scalability of the solution?

The scalability is good and we're likely going to increase usage of Netsparker. 

How are customer service and support?

We contact technical support all the time and they are great. They resolve issues quickly and efficiently. 

Which solution did I use previously and why did I switch?

We also use Burp Suite which is a UI-based tool that I also find to be user-friendly. We use both products so that in the case of false positives we can compare and verify. 

How was the initial setup?

The initial setup is straightforward and the solution doesn't require any maintenance. We currently have 15 users and that number is likely to expand to around 20 in the near future. 

What's my experience with pricing, setup cost, and licensing?

The pricing of the license is compatible with our budget. 

What other advice do I have?

I highly recommend Netsparker and rate it eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.