Invicti Reviews

Name: Invicti
Brand: Invicti
Rating: 4.1 (31 reviews)

Vendor: Invicti

4.1 out of 5

31 reviews
96% willing to recommend

Leave a review

What is Invicti?

Invicti offers advanced web application security testing focused on identifying vulnerabilities like SQL injection and cross-site scripting. Its Proof-Based Scanning minimizes false positives and integrates seamlessly with CI/CD pipelines, making it an effective tool for enterprise environments.

Get the Invicti Buyer's Guide and find out what your peers are saying about Invicti, SonarQube, Snyk and more!

Invicti is the #4 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #5 ranked solution in top Application Security Posture Management (ASPM) solutions, #8 ranked solution in top Software Composition Analysis (SCA) solutions, #8 ranked solution in API Security Solutions, #10 ranked solution in AST tools, and #24 ranked solution in Container Security Solutions. PeerSpot users give Invicti an average rating of 8.2 out of 10. Invicti is most commonly compared to SonarQube: Invicti vs SonarQube. Invicti is popular among the large enterprise segment, accounting for 47% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Helped 892,287 peers since 2012

Featured Invicti reviews

Valavan Sivgalingam

Senior Manager, Security Engineering at ESS

It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.

Read full review

PrashantUppuluri

Solution Architect at a tech services company with 51-200 employees

A good scanning engine is what I appreciate about Invicti. When you want to find out the vulnerabilities within your web applications, Invicti has done a thorough job with respect to filtering out the vulnerabilities and identifying the risk factors with respect to the security modules within the solution. Invicti does have a segment of the solution which works on the automated scanning engine. As long as the license is active, the scanners that work within the solution are pretty effective. With respect to SAST and DAST, being a real-time scanning engine is one of the portfolios and one of the selling factors of the solution. Invicti is known to be a solution that works within the hybrid environment, be it cloud, on-premises, or a mix and match across multiple marketplaces. It does a thorough job. Most importantly, Invicti is a very good SAST and DAST solution that is very competitive in the market with respect to competitors. Invicti is a part of the Magic Quadrant with respect to Gartner's Magic Quadrant and has made a very good customer database and pipeline within the marketplace locally. With respect to security impacts in terms of support, Invicti is pretty much supportive. With respect to use cases or the POCs I have run on the solution, we have identified a couple of vulnerabilities and Invicti was able to trace them, detect, and quarantine the attacks.

Read full review

Kunal M

Capability Center Leader, ETRM Platforms at Shell

Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Read full review

Invicti mindshare

Product category:

As of April 2026, the mindshare of Invicti in the Dynamic Application Security Testing (DAST) category stands at 8.8%, up from 6.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST) Mindshare Distribution
Product	Mindshare (%)
Invicti	8.8%
Veracode	16.6%
Checkmarx One	15.3%
Other	59.3%

Dynamic Application Security Testing (DAST)

PeerResearch reports based on Invicti reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Apr 29, 2026	Download
Product	Reviews, tips, and advice from real users	Apr 29, 2026	Download
Comparison	Invicti vs Veracode	Apr 29, 2026	Download
Comparison	Invicti vs Checkmarx One	Apr 29, 2026	Download
Comparison	Invicti vs OpenText Dynamic Application Security Testing	Apr 29, 2026	Download

Valuable Features

Invicti's most valuable features include comprehensive scanning, proof-based scanning, and robust vulnerability detection. It efficiently integrates with security tools for seamless management. Its user-friendly interface aids in vulnerability analysis and reduces false positives. Invicti excels in confirming vulnerabilities like SQL injection and cross-site scripting. Scalable for enterprises, it supports larger assessments without performance issues. The API testing and flexible authentication enhance testing across various applications, offering thorough protection and supporting proactive DevOps integration.

"The solution generates reports automatically and quickly and it's a very user-friendly product."
"It is a very good tool."
"I would tell potential users that it's really one of the best products in the market for web application security or Dynamic Application Security Testing (DAST)."

Room for Improvement

Invicti users note slow scanning speed, particularly with large applications, impacting other program performance and increasing CPU usage. The interface is considered cluttered, and there are issues with proof of concept verification during scans. Authentication features, multi-factor integration, and license flexibility need enhancement. Users seek better reporting options, broader vulnerability detection, and support for DB2 databases. SSO integration is lacking, and improved support documentation is requested. Pricing is considered high compared to competitors.

"I find that the scannings are not sufficiently updated."
"Reporting should be improved. The reporting options should be made better for end-users."
"Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted."

Pricing

Invicti's pricing appeals to enterprise buyers seeking a flexible and competitive solution in the security market. While some report it as costly, especially for small to medium businesses, large enterprises find it aligns well with budget expectations. Offering per-user and per-year licensing models, the solution supports flexible options. Despite high costs for advanced features, Invicti remains competitive against alternatives like Acunetix and WebInspect. Setup and licensing generally fall within acceptable limits for most organizations.

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

Popular Use Cases

Invicti is primarily utilized for automated web application security testing, focusing on identifying vulnerabilities such as SQL injection, XSS, and CSRF. It supports continuous penetration testing, vulnerability assessment, and compliance with regulations like PCI DSS and GDPR. Users leverage it to scan and secure web applications, APIs, and endpoints, generating detailed reports and improving security measures. It offers dynamic and static security testing and facilitates vulnerability remediation and prioritization.

Service and Support

Invicti's customer service and support receive high praise for professionalism and responsiveness, with ratings often reaching 8 or 9 out of 10. Technical support is detailed, offering demos and resolving issues efficiently. There are occasional language challenges but generally praised for swift issue resolution through multiple channels, including emails, social media, and active Google groups. Regional support varies, engaging local partners effectively, while direct technical support remains prompt and thorough in addressing queries.

Deployment

Invicti's initial setup is described as straightforward and user-friendly, with clear instructions minimizing guesswork. Many highlight the ease of installation across different environments, whether cloud-based or on-premises. Comprehensive documentation aids in configuration and integration with other tools, streamlining the process. Some note that enterprise environments or advanced features require additional steps but find these manageable with provided guides. Users emphasize the simplicity and quick configuration, making Invicti accessible for varied technical backgrounds.

Scalability

Invicti demonstrates strong scalability, handling large-scale web applications effectively. Multiple users highlight its ability to run concurrent instances and its adaptability to various platforms. Some note trade-offs between speed and accuracy, while deployment on larger networks shows promising scalability. Ratings commonly range from eight to 9.5 out of ten, affirming its ability to meet growing organizational needs without major issues. Occasional performance slowdowns during heavy operations are mentioned, but are not widespread concerns.

Stability

Invicti demonstrates strong stability, handling complex scanning with minimal downtime. Many praised its consistent performance, rating it highly, often 8 to 10 out of 10. Users noted it as stable, with rare crashes, no significant issues, and efficient resource management. Frequent updates and a robust architecture enhance functionality. However, some mentioned it could slow other processes, especially during resource-intensive operations, but it remains highly reliable for web application security tasks.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Invicti Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	11
Midsize Enterprise	3
Large Enterprise	12

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	135
Midsize Enterprise	78
Large Enterprise	191

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Manufacturing Company

Computer Software Company

Government

Comms Service Provider

Retailer

Construction Company

Transportation Company

University

Legal Firm

Healthcare Company

Outsourcing Company

Educational Organization

Real Estate/Law Firm

Energy/Utilities Company

Recreational Facilities/Services Company

Performing Arts

Insurance Company

Marketing Services Firm

Wholesaler/Distributor

Media Company

Non Tech Company

Religious Institution

Security Firm

Consumer Goods Company

Leisure / Travel Company

Wellness & Fitness Company

Non Profit

Compare Invicti with alternative products

Learn more about Invicti

Invicti provides comprehensive scanning capabilities that include detecting and verifying critical vulnerabilities and security data consolidation. Its scalable scanning engine and robust API support allow for flexible testing across diverse environments, including web and API testing. Despite some drawbacks like limited single sign-on integration and slow scanning speeds for large applications, Invicti remains a popular choice for automating security assessments, ensuring compliance with standards like OWASP Top 10, PCI DSS, and GDPR.

What are the key features of Invicti?

Comprehensive Vulnerability Scanning: Detects vulnerabilities like SQL injection and XSS.
Proof-Based Scanning: Confirms exploitability and reduces false positives.
CI/CD Integration: Seamlessly integrates with development pipelines.
Security Data Consolidation: Centralizes data for better insights.
User-Friendly Interface: Facilitates easy analysis and reporting.
Scalable Scanning Engine: Supports testing in enterprise environments.
Robust API Support: Enhances flexibility in testing.

What benefits and ROI should users look for in reviews?

Proactive Security: Actively identifies and verifies vulnerabilities to prevent breaches.
Regulatory Compliance: Helps maintain compliance with standards like PCI DSS and GDPR.
Efficient Vulnerability Management: Aids in prioritizing remediation efforts.
Integration Capabilities: Streamlines processes with CI/CD pipeline compatibility.

In industries like finance, healthcare, and e-commerce, Invicti is implemented to bolster security through automated vulnerability assessments. Its ability to provide insightful reports and remediation suggestions assists companies in efficiently managing security risks and achieving compliance with critical regulatory standards.

Invicti was previously known as Netsparker.

Invicti customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Title	Rating	Mindshare	Recommending
SonarQube	4.0	N/A	84%	136 interviews Add to research
Snyk	4.1	N/A	100%	51 interviews Add to research

Author info	Rating	Review Summary
Senior Manager, Security Engineering at ESS	4.0	I've used Invicti for over three years for web and API testing; it's reliable in identifying vulnerabilities, though scan performance needs improvement. Setup is easy, support is good, and it's well-suited to our SSDLC and technology stack.
Solution Architect at a tech services company with 51-200 employees	4.0	I've used Invicti for three years to secure web applications; it’s easy to deploy, scalable, and offers effective SAST and DAST scanning, with solid vulnerability detection and good support, especially for SMBs in hybrid environments.
Capability Center Leader, ETRM Platforms at Shell	4.0	I use Invicti for code scans to identify vulnerabilities and secrets, aiding our development teams in prioritizing tasks. Its proactive scanning is valuable, though its reporting needs improvement for enterprise-level insights. Invicti was my first such tool.
Cyber Security Engineer at Spartec	5.0	I primarily use Netsparker for website scanning, appreciating its interactive interface and scalability for securing large-scale applications. Previously, I used Tenable.io but found Netsparker more engaging. There's currently nothing I wish to improve about it.
CEO at Xcelliti	3.5	We use Invicti for vulnerability testing, especially in fintech. It excels in proof-based scanning with minimal false positives, integrates well with CI/CD pipelines, and offers good scalability. However, improvements are needed in user interface, documentation, and support.
Senior Manager, Security Engineering at ESS	4.0	I use Invicti primarily for web application and API testing. I find its API testing and false positive checks valuable, though improvements in scanning time and authentication features are needed. I also use Burp Suite and HCL AppScan for specific tasks.
Senior Information Security Analyst at EastNets Holding Ltd.	4.5	We use Invicti to initialize applications before client release, deploying and scanning for specific server issues, language, and vulnerabilities. Its strengths are confirming access and SSL injection vulnerabilities and connecting with other security tools. However, report specificity needs improvement.
Presales Consultant at Cyberwise	4.0	We use Invicti to detect vulnerabilities and ensure compliance with regulations like PCI DSS and GDPR. Its proof-based scanning reduces false positives and saves time. However, the costly licensing, lengthy scan times, and need for more integrations are drawbacks.

Invicti Reviews

What is Invicti?

Featured Invicti reviews

Invicti mindshare

PeerResearch reports based on Invicti reviews

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Invicti with alternative products

Learn more about Invicti

Invicti customers

Related questions

Product Categories

Popular Comparisons