I like the way Netsparker provides the comprehensive reports in various formats such as PDF, HTML, etc., which are enough to understand what's going on with our web application.
Software Quality Assurance Engineer at ITONICS GmbH
It provides the comprehensive reports in various formats such as PDF and HTML.
What is most valuable?
How has it helped my organization?
When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done. By using this wonderful tool, we can easily see on the outstanding reports "Important", "Medium", "Low", and "Information" vulnerabilities. Apart from that, it also visualizes what's wrong with a server such as an outdated version, authorization, version disclosure, etc.
What needs improvement?
Sometimes, it is slow; when we are running this application and browsing other applications concurrently, it makes other applications work slowly. Besides that, it seems fine.
When I use Netsparker along with other applications such as testing web apps on browsers like Chrome or Firefox for a little longer than normal, there are issues that might be due to the high CPU usage. I'm unable to work on other applications (mainly browsers such as Chrome/Firefox) and ultimately it hangs and takes time to browse on browsers.
For how long have I used the solution?
I have used it for most of the cases when I have to check vulnerabilities and other security exploitation. So, it's been like six months.
Buyer's Guide
Invicti
June 2025

Learn what your peers think about Invicti. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.
What was my experience with deployment of the solution?
I have not used this feature. I will let you know when I am done with deployment.
What do I think about the stability of the solution?
Until now, I have not encountered any stability issues.
What do I think about the scalability of the solution?
It sometimes hangs when running large web-based applications.
How are customer service and support?
The way they are communicating with users like us, yeah, we can give them 9 out of 10. :)
Which solution did I use previously and why did I switch?
I have used Acunetix. The reason I switched to Netsparker would be that the performance I found on Acunetix was very slow. It would take something like a day if I had to scan our web-based application product. That is not reliable when you are working with clients who want a quick response regarding how the application performs.
How was the initial setup?
I found initial setup to be straightforward; anyone can set up this solution.
What about the implementation team?
Not from a vendor team.
What's my experience with pricing, setup cost, and licensing?
Price seems to be reliable.
Which other solutions did I evaluate?
No, I did not evaluate other options.
What other advice do I have?
I would definitely recommend it to those who really want to know in-depth details of their applications/products regarding security.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Software Quality Assurance Analyst at a real estate/law firm with 5,001-10,000 employees
It has improved the security of our code by scanning it and finding security defects.
Valuable Features
The product’s most valuable features are its security scanning features.
Improvements to My Organization
It has improved the security of our code by scanning it and finding security defects.
Room for Improvement
Speed: It spends about one hour on scanning; I would like it to be less than 30 minutes. Because our solution is large, NetSparker spends about one hour on scanning our code. It also depends on network speed, and just like anti-virus software, the scan time is a key performance requirement for NetSparker. The less the better. Thank you.
Use of Solution
I have used it for two years.
Stability Issues
I did not encounter any stability issues.
Scalability Issues
I did not encounter any scalability issues.
Customer Service and Technical Support
Technical support is good.
Initial Setup
Initial setup is not complex. Just follow the instructions.
Pricing, Setup Cost and Licensing
Price is not the key point.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Engineer at an aerospace/defense firm with 1,001-5,000 employees
It searches for a lot of updated vulnerabilities. A lot of the security tests are now automated.
What is most valuable?
- It has a very user-friendly page.
- Creating custom policies is very easy.
- It searches for a lot of updated vulnerabilities.
How has it helped my organization?
Before Netsparker, we were opening internal web pages to the outside for manual tests. Health tests were limited by a system admin’s capabilities. After Netsparker, a lot of the security tests became automated. We added a step in our policy document to scan pages with Netsparker before opening a site to the outside.
What needs improvement?
Maybe supported clients can be improved. It still does not search vulnerabilities in DB2 databases, for example. In NetSparker you can modify your scan for a specific target database type, programming language and web server type. And there isn’t a DB2 database option for the database target in the scan editor.
For how long have I used the solution?
I have been using it for about two years.
What do I think about the stability of the solution?
On early versions, scanning for vulnerabilities didn’t complete. But now it takes an acceptable amount of time.
What do I think about the scalability of the solution?
I did not encounter any scalability issues. With a licence, you can install and run multiple instances of Netsparker at the same time, of course on different targets. Also, you can restrict network access or requests to the page.
How are customer service and technical support?
Technical support is very professional, 10/10. They know what they are doing.
Which solution did I use previously and why did I switch?
We did not previously use a different solution. We started with Netsparker.
How was the initial setup?
Setting up and updating Netsparker is very easy; only one click.
What's my experience with pricing, setup cost, and licensing?
Actually, I am a technical guy; I don’t know exactly the price, but I do know that if the product was expensive, our manager wouldn’t have bought it. :)
Which other solutions did I evaluate?
We tried Acunetix, but Netsparker has one up on it.
What other advice do I have?
You must work on your environment first. List the web applications’ background: the systems they are using, web server type, database type, programming language. Netsparker supports lots of them, but there are still some restrictions. If they know their environment, the decision is easier.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Quality Assurance Specialist at a computer software company with 51-200 employees
Its web crawler introduced us to many security vulnerabilities and information we had not known before. Netsparker does not integrate SSO functionality.
What is most valuable?
- Simple, easy and straightforward to start.
- Header information is displayed in an easy-to-read way which can be interpreted separately.
- Vulnerabilities categorization, along with the suggestions, is pretty helpful.
- Command line tool did seem interesting, but I couldn’t do much with it. It was a bit hard to learn its usage.
- Crawling websites is one of its best features.
NetSparker is a very easy to use and understand product. Its web crawler feature has benefitted us the most and introduced us to many security vulnerabilities and information we had not known before. I really like how we can tune the number of concurrent sessions as well, which allows us to do some performance testing as well.
How has it helped my organization?
It covers basic-intermediate web attacks and presents the information in a very descriptive way. This enhances knowledge and also helps to identify which areas are lacking attention.
Other than that, it helps you start looking for the attack vectors and points of weakness.
What needs improvement?
Login functionality: Netsparker does not integrate single-sign-on functionality, which makes it very difficult to use for such websites. SSO has become an essential part of web security testing over the last few years. I would love to see this feature in new releases.
For how long have I used the solution?
I have been using it for ~6 months.
What do I think about the stability of the solution?
It is a resource-intensive program, and while it is running, other processes get very slow.
What do I think about the scalability of the solution?
I did not encounter any scalability issues.
Which solution did I use previously and why did I switch?
This was the starting point. We chose this because Troy Hunt (security advisor) had provided a positive and thorough review of this product on his blog.
We used this product along with some others (SkipFish, NMap, etc.) to fully test the security of our products.
How was the initial setup?
As I mentioned before, installing and using Netsparker is pretty easy compared to other products available.
What's my experience with pricing, setup cost, and licensing?
It is a good tool, as we found out with the Community Edition trial. But the price point is quite expensive for a startup or average-sized company.
Other than what I’ve written, it is a fine product but it cannot be used alone. It covers most of the basic-intermediate level attacks, which is really good as a starting point. But for the high-level and advanced analysis, other (similar) tools are needed, which is why I think its price point is very high.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Security Engineer at a computer software company with 11-50 employees
An automated application security testing tool with great technical support, but asset scanning could be better
Pros and Cons
- "I like that it's stable and technical support is great."
- "Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
What is most valuable?
I like that it's stable and technical support is great.
What needs improvement?
Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses.
For how long have I used the solution?
I have been working with Invicti for less than six months.
What do I think about the stability of the solution?
Invicti is a stable solution.
On a scale from one to ten, I would give stability an eight.
What do I think about the scalability of the solution?
I think Invicti is a scalable solution.
On a scale from one to ten, I would give scalability an eight.
How are customer service and support?
Technical support was great.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward. I deployed this solution in about two hours.
What about the implementation team?
I implemented this solution.
What's my experience with pricing, setup cost, and licensing?
Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great.
What other advice do I have?
On a scale from one to ten, I would give Invicti a six.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller

I too find Netsparker the perfect tool when I compare it to other vulnerability scanner tools such as Acunetix. Thanks for the review on this tool though. Also, I am still using this tool for security testing.
Cheers.