Akshay Waghmare - PeerSpot reviewer
Manager at a consultancy with 10,001+ employees
Real User
Nov 13, 2023
A stable and user-friendly solution that can be used for dynamic application security testing
Pros and Cons
  • "The most valuable feature of Invicti is getting baseline scanning and incremental scan."
  • "The solution's false positive analysis and vulnerability analysis libraries could be improved."

What is our primary use case?

We use Invicti for dynamic application security testing and to integrate files into the pipeline.

What is most valuable?

The most valuable feature of Invicti is getting baseline scanning and incremental scan.

What needs improvement?

The solution's false positive analysis and vulnerability analysis libraries could be improved.

For how long have I used the solution?

I have been using Invicti for a couple of years.

Buyer's Guide
Invicti
June 2026
Learn what your peers think about Invicti. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
900,644 professionals have used our research since 2012.

What do I think about the stability of the solution?

Invicti is a stable solution with no bugs or breakdowns.

What do I think about the scalability of the solution?

Invicti is a scalable solution. Around 18 users are using the solution in our organization.

How are customer service and support?

We regularly contact Invicti's technical support when we face issues. The solution's technical support team is not reliable enough to provide us with solutions.

Which solution did I use previously and why did I switch?

We previously used a different solution called AppScan Standard. We switched to Invicti because Gartner has a good rating for Invicti, and Invicti has a good vulnerability analysis compared to AppScan Standard.

How was the initial setup?

Invicti's initial setup is average and neither easy nor complex.

What other advice do I have?

Invicti is the best user-friendly tool for dynamic application security testing (DAST) compared to other solutions.

Overall, I rate Invicti a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
JoelGeorge - PeerSpot reviewer
Associate at Tata Consultancy
Real User
Apr 27, 2022
A comprehensive solution for all of your security testing needs
Pros and Cons
  • "It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
  • "It is a very good tool."
  • "Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
  • "Reporting should be improved. The reporting options should be made better for end-users."

What is most valuable?

It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms.

What needs improvement?

Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product.

For how long have I used the solution?

I used this solution for around 16 months. We were using its latest version. 

It was a cloud deployment. It was an internal cloud. The company bought the cloud version and then hosted it internally.

What do I think about the stability of the solution?

It's good. I believe it went down only once in 16 months. It never had any other problem.

How are customer service and support?

Their support was good. They were quite prompt with their responses. When we had any issues, we reached out, and they did respond quickly.

How was the initial setup?

It was done by my company's IT team, and I was not involved in that.

What about the implementation team?

We basically had them implement it in-house for us. So, it was done in-house, but it was done by Netsparker's team. It was not done by our team.

In terms of maintenance, it was being managed by a team, but I don't know how many people were managing it in that team.

What other advice do I have?

It is a very good tool. It has an API segment that makes up for the lack of reporting options. You can execute commands on Netsparker by using your command-line interface. By using the API, you will be able to get the kind of information that you are looking for. It'll help you in getting the results that you want.

I would rate it an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PrashantPatil - PeerSpot reviewer
Senior Security Consultant at Verve Square Technologies
Consultant
Apr 26, 2022
Great active and passive scanning, and reports are generated automatically
Pros and Cons
  • "The solution generates reports automatically and quickly and it's a very user-friendly product."
  • "I find that the scannings are not sufficiently updated."

What is our primary use case?

We use this product for vulnerability assessment and penetration testing of any web application in addition to API testing. The solution generates reports for us. I'm a security consultant and we are end-users. 

What is most valuable?

The solution generates reports automatically and quickly and it's a very user-friendly product. I like the active and passive scanning, which is a good feature from my perspective.

What needs improvement?

I find that the scannings are not sufficiently updated. 

For how long have I used the solution?

I've been using this solution for four years. 

What do I think about the stability of the solution?

The stability is good, up to the mark. 

What do I think about the scalability of the solution?

The scalability is good and we're likely going to increase usage of Netsparker. 

How are customer service and support?

We contact technical support all the time and they are great. They resolve issues quickly and efficiently. 

Which solution did I use previously and why did I switch?

We also use Burp Suite which is a UI-based tool that I also find to be user-friendly. We use both products so that in the case of false positives we can compare and verify. 

How was the initial setup?

The initial setup is straightforward and the solution doesn't require any maintenance. We currently have 15 users and that number is likely to expand to around 20 in the near future. 

What's my experience with pricing, setup cost, and licensing?

The pricing of the license is compatible with our budget. 

What other advice do I have?

I highly recommend Netsparker and rate it eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
UmeshKumar2 - PeerSpot reviewer
Senior System Administrator at a tech vendor with 10,001+ employees
Real User
Mar 3, 2023
Excellent solution for identifying and verifying vulnerabilities
Pros and Cons
  • "Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
  • "Invicti takes too long with big applications, and there are issues with the login portal."

What is our primary use case?

I primarily use Invicti for onboarding on the performance side.

What is most valuable?

Invicti's best feature is the ability to identify vulnerabilities and manually verify them.

What needs improvement?

Invicti takes too long with big applications, and there are issues with the login portal.

For how long have I used the solution?

I've been using Invicti for four to five years.

What do I think about the stability of the solution?

Invicti sometimes stops working when dealing with large applications.

How was the initial setup?

The initial setup was easy.

What other advice do I have?

I would give Invicti a rating of nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1286490 - PeerSpot reviewer
Consultant Cyber Security at a tech services company with 51-200 employees
Consultant
Oct 7, 2020
A fast solution that is easy to deploy, configure, and use
Pros and Cons
  • "I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
  • "They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
  • "They don't really provide the proof of concept up to the level that we need in our organization."

What is most valuable?

I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool.

It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy.

What needs improvement?

They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams.

It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one.

For how long have I used the solution?

We started to use Netsparker Web Application Security Scanner in February of this year. We are using its latest version.

What do I think about the stability of the solution?

It is pretty stable. 

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

We engage with the local partner and the distributor here for support. We are satisfied with the support here.

How was the initial setup?

The initial setup wasn't a problem for me. I have been using these security tools for a while now.

Which other solutions did I evaluate?

I also use Micro Focus Fortify. The difference is mainly in the UI. I haven't really got into the comparison between the output of the scans, but I was really impressed by the UI and the ease of use of Netsparker Web Application Security Scanner.

What other advice do I have?

I would recommend this solution. I haven't really researched other products, but for me, Netsparker Web Application Security Scanner is a benchmark right now.

I would rate Netsparker Web Application Security Scanner an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1286490 - PeerSpot reviewer
Consultant Cyber Security at a tech services company with 51-200 employees
Consultant
Oct 6, 2020
A good interface that makes it easy to use, and the tool is really fast
Pros and Cons
  • "This tool is really fast and the information that they provide on vulnerabilities is pretty good."
  • "Right now, they are missing the static application security part, especially web application security."

What is our primary use case?

We are a consulting firm and we provide implementation and deployment of solutions to our customers.

What is most valuable?

I am very much impressed by the whole technology.

This tool is really fast and the information that they provide on vulnerabilities is pretty good.

The UI is good and it is really easy to use.

What needs improvement?

With respect to the algorithm that Netsparker is running, they don't really provide the proof of concept up to the level that we need, here in the organization. Specifically, because the tool is running the scan and exploiting the read-only version, it doesn't prove to the customer that the exploit is genuine. We have to perform this manually, but it is difficult to prove to the concerned team, whether it is the development team, the remediation team, or the security team.

Right now, they are missing the static application security part, especially web application security. If they can integrate a SaaS tool with their dynamic one then it would be really helpful.

For how long have I used the solution?

I have been working with Netsparker for several months.

What do I think about the stability of the solution?

We have not experienced any bugs or glitches, so it seems stable.

What do I think about the scalability of the solution?

Scalability-wise, it is pretty good.

How are customer service and technical support?

We have been engaged with the local partner and we get a good level of support.

Which solution did I use previously and why did I switch?

We also use Micro Focus Fortify and I have not had a chance to compare the scans, but I prefer the interface and ease of use with Netsparker. It is really easy to configure and deploy, as well as communicate this to the client.

How was the initial setup?

The initial setup was not a problem for me, as I have been using these security tools for a while.

What other advice do I have?

Overall, I am satisfied with Netsparker. However, I cannot say at this point that I would recommend it because although it is good, I will now be using it as a benchmark for evaluating other products.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Retail Services Senior Manager at e-finance
Real User
May 11, 2020
Very high level of accuracy and speedy scanning
Pros and Cons
  • "High level of accuracy and quick scanning."
  • "The most valuable features that I've found in this solution were the level of accuracy and also that the process of scanning was very quick and we're easily able to change the frame of a scan."
  • "Improvement could be made in the area of production."

What is our primary use case?

Our primary use case is for web applications but rather than being in a production environment, it's in a testing environment. We check for vulnerabilities found in the test environment and remediate them. Following that, we publish the web application for web production. We are customers of Netsparker and I'm the retail services senior manager.

What is most valuable?

The most valuable features that I've found in this solution were the level of accuracy and also that the process of scanning was very quick and we're easily able to change the frame of a scan. I use many applications and security management tools, and the accuracy is important for me. Other solutions like NetBus don't have such an accurate timeline.

What needs improvement?

Improvement could be made in the area of production. Features like macro recording that I've used in other solutions would improve this product. Recording macro for complex applications, especially web applications where there is a complex web application for login or logout format. We could record the macro for login to make a dynamic scanning process, which makes it easier to scan methodology. We need to be able to record the macro. I think a feature like that would add a lot to the solution. 

For how long have I used the solution?

I've been using this solution for three months.

What do I think about the stability of the solution?

I think the stability of the Netsparker enterprise product is very cool. And the application scanning was very successful. No timeouts, no downtime; the stability and the service were very, very good.

How are customer service and technical support?

I'm satisfied with the technical support. 

How was the initial setup?

Initial setup was straightforward and didn't take much time. It was smooth and successful. 

What other advice do I have?

This is not a simple solution, there is a complexity there. A lot of companies here don't like the idea of using a cloud provider or cloud application for scanning. We prefer to have stand-alone applications and not use the cloud. It's something they could offer, like Qualys.

I would rate this solution an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user1188708 - PeerSpot reviewer
Senior Quality Control Manager at an insurance company with 51-200 employees
Real User
Nov 14, 2019
Great reporting review tool and very stable with an easy initial setup
Pros and Cons
  • "The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
  • "I'd recommend Netsparker for anyone who wants to make a security assessment for web applications."
  • "The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."

What is our primary use case?

We primarily used the solution as a proof of concept, using it for assessing the security of one of our web applications.

What is most valuable?

The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports.

What needs improvement?

The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them.

For how long have I used the solution?

I've been using the solution for about two months.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

As I was only working on the demo version of the solution, I can't speak to how scalable it would be.

How are customer service and technical support?

The technical support team was very helpful. They offered me a demo before I started using the tool, and the demo was very impressive.

Which solution did I use previously and why did I switch?

We previously used a different tool, but it was also a demo, like Netsparker. We wanted to try Netsparker, so we moved to their demo.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

I handled the implementation myself.

Which other solutions did I evaluate?

I tried some different tools. Some of them were full versions whereas others were demo versions like Netsparker.

What other advice do I have?

We're using a demo of the latest version for a POC. We used the on-premises deployment model.

I'd recommend Netsparker for anyone who wants to make a security assessment for web applications.

I'd rate the solution nine out of ten. The tool is full of useful features. However, the intercepting reviews in terms of web requests need some enhancements to be more usable.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Founder at a tech services company with self employed
Real User
Aug 21, 2019
Has a low number of false positives but the program should be more affordable
Pros and Cons
  • "One of the features I like about this program is the low number of false positives and the support it offers."
  • "Netsparker doesn't provide the source code of the static application security testing."

What is our primary use case?

Our primary use case of this solution is to assess the security of our web application security.

What is most valuable?

One of the features I like about this program is the low number of false positives and the support it offers. 

What needs improvement?

The program uses technology that is different from application scanners. It's not an incremental solution. It could be a new product, but I'm not that knowledgeable to know which products are part of a suite. Netsparker doesn't provide the source code of the static application security testing. I would love to see a completion of the offering with statistical analysis. 

Every customer has its own nuance, so I don't think it's really an issue when it comes to the user interface. Every customer has something that they would like different because they're used to something different. In my opinion, there is not very much to mention besides changing as little as possible. Something that Microsoft often does, is to change things with every release and users don't like that. 

I would also like to see the price being at least 20% cheaper because the market is currently very crowded and there are many vendors and clients. A lower price will get more sales.

For how long have I used the solution?

I have been using Netsparker for almost ten years now.

What do I think about the stability of the solution?

The solution is quite stable.

What do I think about the scalability of the solution?

When it comes to scalability, we tend to do one test at a time. It could be faster but there is always a trade-off between speed and accuracy. Accuracy is more important than speed.

How are customer service and technical support?

I rate the technical support seven out of ten, which is average to me. I don't have special requests that would stress a support team and so far my issues were resolved in a reasonable time. Should I have an emergency, I believe they will be very responsive.

How was the initial setup?

The initial setup is quite straightforward.

What other advice do I have?

There are many average products on the market, but I prefer Netsparker because to me wasting time after false positives is the worst thing that can happen. Accuracy is the most important thing to me. I rate Netsparker eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Security Specialist at Alfa-A IT
Real User
Jul 15, 2019
Powerful Crawler generates close to a full sitemap, including web services
Pros and Cons
  • "It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
  • "Netsparker has done an awesome job with its crawler, as it has found all of the links (also thanks to its good DOM parser)."
  • "The scanner itself should be improved because it is a little bit slow."

What is our primary use case?

I use this solution for automated web application testing, and upon the first sight of the web app. I work alone in my company, so a helping hand is always useful. Netsparker did the job.

I use it principally for mapping the web application attack surface using its really good crawler.

How has it helped my organization?

Netsparker has done an awesome job with its crawler, as it has found all of the links (also thanks to its good DOM parser).

It has helped me a great deal on a first try over websites.

Netsparker made my work a lot easier in mapping web applications.

What is most valuable?

The most valuable feature is the crawler because it can find many links and generate close to a full sitemap.

It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites.

It also parses web services like SOAP, REST API, WSDL, and more.

Another thing I really like about Netsparker is the payload list, which covers every type of vulnerability.

Netsparker Hawk is another good "tool", as it helped me locate some easy-to-find SSRF and XXE vulnerabilities in production websites. Its technology is really good and works well. OOB (Out Of Band) payloads work well.

What needs improvement?

The scanner itself should be improved because it is a little bit slow.

CPU usage should be improved due to my PC's fan going mad.

RAM usage should be improved as well.

The attacker part of the scanner should be more fluid and faster.

There should be some option to tune up the scan, like throttling requests or using some WAF/IDS/IPS bypass technique. It needs more than what is currently in the Advanced Options.

The passive analyzer for some vulnerabilities should be improved, as it doesn't get all vulnerabilities. It should also be more efficient.

The scanner should also use some cool techniques to inject payloads, like replacing the entire body and Content-Type header (like for XML input).

For how long have I used the solution?

Several months.

How are customer service and technical support?

The customer service is good.

There are some problems with languages (like for Italian they send you people who can speak Italian just a bit, but it's ok).

Which solution did I use previously and why did I switch?

I have used Burp Suite Professional and Acunetix.

I switched to Netsparker just to try it and understand how it works.

How was the initial setup?

The setup is really easy and straightforward.

What about the implementation team?

For the trial, Netsparker itself contacted me by phone. Their support is really nice and helpful.

What's my experience with pricing, setup cost, and licensing?

I think that the price is too high, like other security applications such as Acunetix, WebInspect, and so on.

Which other solutions did I evaluate?

I did not evaluate other options.

What other advice do I have?

You can use Netsparker but use it carefully as some payloads can be dangerous in production. This is the same as Acunetix, WebInspect, and others.

Every scanner should have an option like Burp Suite to use dangerless payloads (with Distribute Damage extension).

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user