Try our new research platform with insights from 80,000+ expert users
Invicti Logo

Invicti Reviews

Vendor: Invicti
4.1 out of 5
Badge Leader
Leave a review

What is Invicti?

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Get the Invicti Buyer's Guide and find out what your peers are saying about Invicti, SonarQube Server (formerly SonarQube), Snyk and more!
Invicti is the #5 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #7 ranked solution in API Security Solutions, and #14 ranked solution in AST tools. PeerSpot users give Invicti an average rating of 8.2 out of 10. Invicti is most commonly compared to SonarQube Server (formerly SonarQube): Invicti vs SonarQube Server (formerly SonarQube). Invicti is popular among the large enterprise segment, accounting for 55% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.
Buyer's Guide
Invicti
August 2025
Get the report
Helped 866,218 peers since 2012

Featured Invicti reviews

Read more reviews

Invicti mindshare

Product category:
Dynamic Application Security Testing ...
As of August 2025, the mindshare of Invicti in the Dynamic Application Security Testing (DAST) category stands at 12.3%, up from 11.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Dynamic Application Security Testing (DAST) Market Share Distribution
ProductMarket Share (%)
Invicti12.3%
OpenText Dynamic Application Security Testing18.1%
HCL AppScan14.9%
Other54.699999999999996%
Dynamic Application Security Testing (DAST)

PeerResearch reports based on Invicti reviews

TypeTitleDate
CategoryDynamic Application Security Testing (DAST)Aug 29, 2025Download
ProductReviews, tips, and advice from real usersAug 29, 2025Download
ComparisonInvicti vs HCL AppScanAug 29, 2025Download
ComparisonInvicti vs Rapid7 InsightAppSecAug 29, 2025Download
ComparisonInvicti vs OpenText Dynamic Application Security TestingAug 29, 2025Download
Suggested products
TitleRatingMindshareRecommending
SonarQube Server (formerly SonarQube)4.0N/A81%116 interviewsAdd to research
Snyk4.0N/A100%48 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Invicti's valuable features include its comprehensive scanning engine capable of detecting vulnerabilities like SQL injection and cross-site scripting, proof-based scanning with reduced false positives, and detailed reporting. Its user-friendly interface supports easy navigation, while integration with security tools enhances data management. Scalability suits large enterprises without performance issues. The ability to confirm vulnerabilities confidently, verify issues, and support DevOps environments for proactive scanning rounds up its notable advantages.
  • "Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
  • "Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
  • "I would rate the stability as ten out of ten."

Room for Improvement

Invicti users suggest improvements in speed and performance, specifically highlighting issues with CPU and RAM usage during scans, which can slow other applications. Licensing costs are a concern due to URL restrictions. There is a need for enhanced reporting options, streamlined login functionalities, and better support for multifactor authentication. Users call for broader database and technology integration, improved support response time, and a more user-friendly interface.
  • "Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerability remediation over time."
  • "Invicti's reporting capabilities need enhancement."
  • "Currently, there is nothing I would like to improve."

Pricing

Enterprise buyers of Invicti report varied experiences with pricing and licensing. Pricing is seen as competitive in the security market, with flexible models based on needs. While some note Invicti is expensive, particularly for small businesses, others find the price justified for its capabilities. Subscriptions start around $5,000 to $10,000 for smaller entities, with enterprise solutions priced higher. Licensing processes generally comply with organizational budgets, though some users recommend additional tools for advanced analysis.
  • "The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
  • "Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
  • "We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

Popular Use Cases

Organizations utilize Invicti primarily for automated web application security testing, identifying vulnerabilities such as SQL injection and XSS exploitation. They employ it for continuous penetration testing, vulnerability assessment, and API testing. Invicti supports security efforts by generating compliance reports and assists in vulnerability remediation, helping prioritize risk management. It is used for mapping attack surfaces, dynamic application security testing, and ensuring overall web application security in test environments before production deployment.

Service and Support

Invicti's support is praised for high professionalism and responsiveness, often achieving ratings between eight to ten. Their team efficiently manages queries through various platforms, ensuring prompt resolutions. Some highlight language barriers, particularly for Italian, and suggest room for improvement in reliability and emergency situations. Many appreciate regular communication and informative resources like wikis and YouTube. Engagement with local partners enhances satisfaction. Some users regularly benefit from timely, effective assistance, while few haven't yet interacted with support.

Deployment

Many users describe Invicti's initial setup as straightforward and user-friendly. It features a simple installation process with comprehensive documentation aiding configurations, such as CI/CD integrations and automated scans. While basic deployment often takes minimal time, more complex environments may need extra customization. Role-based access and authentication setups require attention but are manageable. The setup can vary slightly in time depending on deployment specifics, like on-premises versus cloud-based approaches.

Scalability

Invicti is praised for its scalability, handling large-scale applications effectively. Users find it flexible across different instances and platforms, with modular architecture supporting sizable deployments. While generally reliable, some report occasional performance lags during extensive tasks. Users in various enterprises appreciate its capabilities, rating scalability high. Machine resource allocation can influence performance, but accuracy is prioritized over speed. Invicti supports enterprise-wide processes and is deemed suitable for growing organizations.

Stability

Many users express satisfaction with Invicti's stability, citing no significant downtime or crashes. It is described as resource-intensive, which can affect performance of other processes. Users appreciate its consistent performance, robust architecture, and regular updates. Some report exceptional stability during complex tasks, although handling large applications may cause it to stop working. Invicti is often rated highly for stability, although earlier versions had issues completing scans in a timely manner.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Invicti Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business10
Midsize Enterprise3
Large Enterprise12
By reviewers
By visitors reading reviews
Company SizeCount
Small Business121
Midsize Enterprise101
Large Enterprise270
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
14%
Manufacturing Company
9%
Government
9%
Comms Service Provider
5%
Retailer
4%
University
4%
Educational Organization
4%
Healthcare Company
4%
Energy/Utilities Company
3%
Construction Company
2%
Legal Firm
2%
Transportation Company
2%
Recreational Facilities/Services Company
2%
Insurance Company
2%
Performing Arts
2%
Real Estate/Law Firm
2%
Media Company
1%
Security Firm
1%
Non Tech Company
1%
Consumer Goods Company
1%
Non Profit
1%
Outsourcing Company
1%
Leisure / Travel Company
1%
Hospitality Company
1%
Wholesaler/Distributor
1%
Logistics Company
1%

Compare Invicti with alternative products

Go!

Learn more about Invicti

Invicti was previously known as Netsparker.

Invicti customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Related questions

  • 9
When evaluating Dynamic Application Security Testing (DAST), what aspect do you think is the most important to look for?
  • 8
Why is Dynamic Application Security Testing (DAST) important for companies?

Product Categories

Product Categories
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
API Security

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Invicti Logo
SonarQube Server (formerly SonarQube) vs Invicti
Snyk vs Invicti Logo
Snyk vs Invicti
Checkmarx One vs Invicti Logo
Checkmarx One vs Invicti
Veracode vs Invicti Logo
Veracode vs Invicti
Coverity vs Invicti Logo
Coverity vs Invicti
OpenText Core Application Security vs Invicti Logo
OpenText Core Application Security vs Invicti
OWASP Zap vs Invicti Logo
OWASP Zap vs Invicti
SonarQube Cloud (formerly SonarCloud) vs Invicti Logo
SonarQube Cloud (formerly SonarCloud) vs Invicti
Acunetix vs Invicti Logo
Acunetix vs Invicti
HCL AppScan vs Invicti Logo
HCL AppScan vs Invicti
PortSwigger Burp Suite Professional vs Invicti Logo
PortSwigger Burp Suite Professional vs Invicti
Qualys Web Application Scanning vs Invicti Logo
Qualys Web Application Scanning vs Invicti
OpenText Dynamic Application Security Testing vs Invicti Logo
OpenText Dynamic Application Security Testing vs Invicti
Kiuwan vs Invicti Logo
Kiuwan vs Invicti
Rapid7 InsightAppSec vs Invicti Logo
Rapid7 InsightAppSec vs Invicti
See all alternatives
 
Invicti Reviews Summary
Author infoRatingReview Summary
Capability Center Leader, ETRM Platforms at Shell4.0I use Invicti for code scans to identify vulnerabilities and secrets, aiding our development teams in prioritizing tasks. Its proactive scanning is valuable, though its reporting needs improvement for enterprise-level insights. Invicti was my first such tool.
Senior Manager, Security Engineering at ESS4.0I've used Invicti for over three years for web and API testing; it's reliable in identifying vulnerabilities, though scan performance needs improvement. Setup is easy, support is good, and it's well-suited to our SSDLC and technology stack.
Cyber Security Engineer at Spartec5.0I primarily use Netsparker for website scanning, appreciating its interactive interface and scalability for securing large-scale applications. Previously, I used Tenable.io but found Netsparker more engaging. There's currently nothing I wish to improve about it.
CEO at Xcelliti3.5We use Invicti for vulnerability testing, especially in fintech. It excels in proof-based scanning with minimal false positives, integrates well with CI/CD pipelines, and offers good scalability. However, improvements are needed in user interface, documentation, and support.
Presales Consultant at Cyberwise4.0We use Invicti to detect vulnerabilities and ensure compliance with regulations like PCI DSS and GDPR. Its proof-based scanning reduces false positives and saves time. However, the costly licensing, lengthy scan times, and need for more integrations are drawbacks.
Senior Information Security Analyst at EastNets Holding Ltd.4.5We use Invicti to initialize applications before client release, deploying and scanning for specific server issues, language, and vulnerabilities. Its strengths are confirming access and SSL injection vulnerabilities and connecting with other security tools. However, report specificity needs improvement.
Senior Manager, Security Engineering at ESS4.0I use Invicti primarily for web application and API testing. I find its API testing and false positive checks valuable, though improvements in scanning time and authentication features are needed. I also use Burp Suite and HCL AppScan for specific tasks.
Vice President Application Security North America at BNP Paribas3.5No summary available