Skip to main content

Formerly Netsparker


What is Invicti?

Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and automation and integrations enable customers to achieve broad coverage…

Read more
Recent Reviews

TrustRadius Insights

Netsparker has been widely used by users to enhance their software development lifecycle and ensure the security of their web …
Continue reading
Read all reviews
Return to navigation


View all pricing

What is Invicti?

Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and automation and integrations enable customers to achieve broad coverage of…

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

77 people also want pricing

Alternatives Pricing

What is Acunetix by Invicti?

AcuSensor from Maltese company Acunetix is application security and testing software.

What is GitGuardian Internal Monitoring?

GitGuardian Internal Monitoring helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code…

Return to navigation

Product Demos

Webinar: Invicti Modern Web Application Security & the growing attack surface - Overview & Demo

Return to navigation

Product Details

What is Invicti?

Invicti offers a web application vulnerability scanning solution boasting a combination of accurate scanning with proprietary automatic exploitation technology.

Formerly known as Netsparker, Invicti can identify vulnerabilities in both legacy and modern web applications, regardless of the underlying architecture or platform. Upon identifying an exploitable vulnerability, its scanner uses Proof-Based Scanning™ technology to generate a proof of exploit that confirms the result is not a false positive.

Invicti is available in several variations, depending on customer requirements. Invicti Standard, aimed at SMBs, Invicti Team for large organizations. whilst Invicti Enterprise is a large-scale enterprise offering that not only provides web application security but also helps manage the complexity behind developing and testing web applications in a secure fashion.

Invicti is available as desktop software, a managed service, or an on-premises solution. The vendor states it is trusted and used by organizations from all industry verticals, including IBM, Lowe's, Ford, NFL NASA and Starbucks.

Invicti Features

  • Supported: Vulnerability Scanning
  • Supported: Reporting & Analytics
  • Supported: Issue Tracking
  • Supported: Automated Scans
  • Supported: Detection Rate
  • Supported: False Positive Detection
  • Supported: Proof-Based Scanning
  • Supported: Compliance Testing
  • Supported: Perimeter Scanning

Invicti Screenshots

Screenshot of Vulnerability detectionScreenshot of Netsparker dashboardScreenshot of Integrations/automationScreenshot of Scan and protect your entire asset library in one place

Invicti Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux
Mobile ApplicationNo
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings


Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Netsparker has been widely used by users to enhance their software development lifecycle and ensure the security of their web applications. With its proof-based scanning and exploitation capabilities, Netsparker has proven effective in identifying and reducing false positives, saving users valuable time in evaluating and enumerating bugs. Users have found Netsparker to be easy to use, allowing for quick and accurate scans of web vulnerabilities. It has also been praised for its helpful support team, which assists users in resolving false positive cases.

Netsparker's ability to integrate into the software development lifecycle has been highly appreciated by users, as it allows for the validation of secure coding practices during development and after deployment. By using Netsparker, users can shift application security responsibilities to development teams, freeing up security personnel for other important tasks. Customers have reported a significant decrease in false positives and improved detection of security issues compared to their previous solutions.

In addition to its effectiveness in web vulnerability scanning, Netsparker has proven useful in various scenarios. Users have utilized Netsparker for tasks such as verifying XSS, environment migration, conducting Red Team assessments, meeting compliance requirements, and analyzing complex web applications before production. The product's versatility has made it a valuable tool for cybersecurity consultants and developers alike. Overall, Netsparker has gained a reputation as an effective and user-friendly solution for enhancing web application security throughout the development process.

Valuable Tool: Users have found Netsparker to be a valuable tool for finding vulnerabilities, with a good reputation among security companies. Several reviewers have praised the software for its high level of customization, allowing them to fine-tune scanning profiles and create custom report profiles.

Accurate Scan Results: Many users appreciate the accurate and reliable scan results provided by Netsparker. Reviewers have mentioned that the software enumerates more vulnerabilities than other tools and offers additional options. This feature has helped users identify and address potential security risks effectively.

Comprehensive Reports: The detailed vulnerability reports generated by Netsparker have been highly appreciated by users. Numerous reviewers have noted that these reports include remediation steps and provide comprehensive information about the identified vulnerabilities. This has allowed users to take appropriate actions to secure their web applications.

Limited abilities: Some users have expressed that the software has limited capabilities and is unable to effectively troubleshoot endpoints, which has been a disappointment for them. They feel that the software's limitations hinder their ability to fully utilize it.

Lack of certain features: Users have mentioned that the software lacks important functionalities such as automated machine learning and the ability to track consumer behavior. These missing features are considered significant drawbacks by some users who rely on them for comprehensive analysis.

Expensive pricing: According to some users, the software is considered somewhat expensive, especially for the enterprise version. They feel that the cost may not scale well and find it higher compared to other similar products in the market. The pricing aspect raises concerns about value for money among these users.

Users have made several recommendations for Netsparker based on their experiences. First, many users suggest trying out Netsparker as they believe it is the best web application security tool available. They have found it to be faster than competitors like Rapid7 and more thorough than Acunetix. Additionally, users recommend exploring all the functions of Netsparker, including scheduled scans and specific scans, to make the most of its capabilities.

Secondly, users recommend considering Netsparker for development lifecycles with cutting-edge technologies. They have found it to be the easiest to implement and the most comprehensive among other solutions they have tried. Users also suggest using Netsparker early in the development cycle to identify issues and avoid vulnerabilities.

Lastly, users highly recommend Netsparker for security and pentest professionals. They consider it the best web application scanner available and believe it is especially effective against web-based software and for testing APIs and web services. Users have found it to be easy to use, mostly free from false positives, and appreciate the great support provided by Netsparker Cloud.

Overall, users think Netsparker is an excellent choice for assessing web applications and recommend trying the free trial before making a final purchase decision.

Attribute Ratings


(1-2 of 2)
Companies can't remove reviews or game the system. Here's why
November 30, 2019

Netsparker Review

Jatel Desai | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
My organization uses NetSparker for security scanning. It is used to verify that Java APIs are secure when grabbing data from external API databases. NetSparker is constantly run throughout internal applications and systems to ensure the safety of our data. This software has been used by our department for over 20 years.
  • NetSparker has excellent customer service. When our team had to learn to use it for the first time, we had to communicate directly with NetSparker consultants.
  • NetSparker is very user-friendly. It's UI is organized and keeps all the different scans we have set-up in a very clean visual.
  • Netsparker has a selection of workflows and integration tools that make it useful for keeping all of my teammates on the same page.
  • NetSparker does not integrate with all systems. Currently, it is limited to popular systems, using Java for example.
  • NetSparker is priced at a higher range. I believe with all its competition, the pricing could be a little better.
  • NerSparker could improve its user experience. There should be a way to find out if a system has vulnerabilities directly through e-mail.
NetSparker is well suited for companies that use a lot of external API calls and communicate a lot with external customers. When it comes to internal use, NetSparker does not seem like the most practical or most cost-efficient thing to use to detect security issues within a system the team is using.
  • NetSparker has saved the team a lot of time since the scans quicker than our older software.
  • NetSparker has been costing the company a lot compared to previous security software.
  • Netsparker has helped improved our overall business objectives by finding an efficient and collaborative way to run scans on our systems.
Our department used to use Veracode as our security scanning software. Compared to Veracode, Netsparker has a very organized dashboard with built-in tools that making collaborating with other teammates very efficient and easy. Another teammate can definitely take over the work I am doing in NetSparker with minimal explanation.
NetSparker support is amazing. When first introducing this software to the team, there was a lot of communication going on between Netsparker consultants and our team. They have answered our questions very efficiently and have had consultants come to our department for training. They are open to suggestions for improvements and enhancements as well.
Glenn Jones | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User
Netsparker is used by the Application Security Group at Mathematica to dynamically scan development and production websites on a regular basis. It currently scans all applications that we have an authority to operate assigned to. This allows us to make certain that the number of vulnerabilities in the application are not easily discovered and allows us to share the Netsparker vulnerability report with our government clients. By running Netsparker on a regular schedule we can be certain that new vulnerabilities have been introduced into our applications even though we have not modified the application since the last scan was performed. Netsparker also allows us to mitigate false positive reports once they have been reported to us.
  • Netsparker is a product that many security companies use to scan their clients websites. This means it has good reputation and we can use that reputation when we show our Netsparker scan to our clients.
  • Netsparker is very customizable and allows us to reduce the scan time by making sure we do not spend time scanning technologies that are not being used in the application. Once a set of customizations are configured they can be applied to similar types of applications. This allows us to quickly setup a vulnerability scan of new applications.
  • Netsparker includes numerous vulnerability points to test for. This means that sometimes thousands of possible vulnerabilities are tested. Other scanners to do not always scan for all of these types of vulnerabilities.
  • Netsparker Cloud is expensive and restricts the number of website URLs that you are allowed to scan. This restricts us from scanning all of the websites that we create and only allows us to scan a small subset of number of the website we produce.
  • Netsparker is difficult to configure and I often need to open a ticket with support to figure out how to use the product. I have been vulnerability testing websites for over 10 years and I still don't think I really know how to use Netsparker.
  • Netsparker can take a very long time to complete a scan due to the number of items it can scan for. Be certain to reduce the technologies that your scan will be looking at. Also, expect a large website to possibly take over two days to complete. Not something you really want to have happen on a developer checking on some source code.
Netsparker is very thorough but can take a very long time to scan a web application. It can also take a long time to learn and configure. Its thoroughness is a very good part of the product but if the application does [not] need this thoroughness it is probably a waste of time to run Netsparker on the website.
  • Netsparker can perform a very deep vulnerability of a website if you have the time for it to run and the time to learn the product. We need this thoroughness on a number of our websites and the clients are willing to pay for this thoroughness. For this reason, it is quite useful and does what we need.
  • Netsparker can be run through automation but the documentation is lacking in this area. If they had better documentation it wouldn't take so long to get the system running.
I currently use OWASP ZAP, Burp Suite Professional and Veracode Dynamic Scan. ZAP is very easy to use and the web developers use it regularly. Burp Suite is very customizable as is Netsparker but usually take much less time to scan a website. Both of these tools are programmable and allow me to add special items to a scan when I need it. They are also much better documented. Veracode also has a static code analysis tool that we use much more often then the dynamic analysis tool but we do use both parts of Veracode.
We looked at replacing OWASP ZAP and Burp Suite Pro with Netsparker but decided due to the price and limitation on the number of websites that it is allowed to scan we would keep the other two products as well. We kept Netsparker due to its thoroughness in vulnerability scans and the ease, after configuration, to perform these scans.
  • Product Features
  • Product Reputation
  • Vendor Reputation
Netsparker can be configured to perform very deep vulnerability scans. Once you actually figure out how to configure the product it can be setup to perform scan on a regular basis.
I would want to take a lot more time to work with Netsparker to decide if this is the tool to use for our vulnerability scans. In the end, it might have been the best tool for what we needed, however, I am looking at other competing products to throw into the mix of scanners along with Netsparker.
Return to navigation