Web Application and API Security Platform

Invicti (formerly Acunetix and Netsparker)

Invicti is a DAST-based platform for automated web application and API security testing that easily scales to meet business needs.

The product combines the experience of the Invicti, Netsparker and Acunetix solutions, which have proven themselves over many years in organizations across various industries, including Fortune 500 leaders.


    Invicti Clients

    Vodafone, US Department of Energy, NATO, Intel, Cisco, Visa

    Invicti Platform

    Web Security Automation

    • The DAST method has a powerful engine that allows teams to detect the maximum number of vulnerabilities, from common ones to blind vulnerabilities that cannot be found by conventional scanning techniques.

    • Invicti supports authenticated scanning of the main API types: REST, SOAP, GraphQL.

    • The solution automatically scans all types of legacy and modern web applications and allows teams to configure various types of authentication, from simple login and password to login using a digital signature.

    • Using Proof-Based scanning technology, Invicti confirms the existence of 94% of the most serious vulnerabilities, safely exploiting flaws and generating proof, which significantly reduces manual efforts for additional checks.

    Complete Visibility

    • Invicti provides comprehensive visibility through detailed dashboards and integration with Mend.io, which provides an opportunity to monitor the security of web applications using DAST, IAST, SAST, SCA and container security methods.

    • Various integrations are available, such as with ticketing systems like Jira and with CI/CD tools such as GitHub, GitLab, Jenkins, etc.

    • Invicti provides a wide range of reports, including compliance reports for standards such as PCI DSS, ISO 27001, NIST SP 800-53 and OWASP Top 10.

    • The asset discovery service continuously scans public sources for websites that a company may own (based on top-level and second-level domains, IP addresses, and organization name), and uses machine learning to automatically assign them a potential risk level even before the first scan.

    Scalability

    • The solution uses easily scalable scanning agents, which makes it possible to test a large number of web resources simultaneously.

    • The platform allows teams to schedule regular scans: both full and incremental (partial) that only check new, fixed, or changed parts of a web application, optimizing the process of finding vulnerabilities.

    • Invicti uses machine learning-based AI to improve scanning and can also scan LLMs found in web applications.

    • Comprehensive information about vulnerabilities and recommendations for their remediation provides an opportunity to quickly and efficiently resolve security issues.

    Advanced AI capabilities

    • AI-powered scanning to improve website structure gathering and form autofill.

    • Ability to run LLM security testing on a website to find vulnerabilities such as prompt injection.

    • AI-based assistant can provide helpful recommendations, allowing teams to speed up workflows and learn more about vulnerabilities.

    • Predictive Risk Scoring, based on machine learning, automatically predicts the risk level of a web resource found during website detection, which helps with prioritization.

    • These features can be disabled if needed, and they are present mostly in the cloud version.

    Seamless Integration with SAST, SCA, Container Security

    • Invicti DAST has ready-made integration with Mend.io, specifically with the modules:
      SAST (Static Application Security Testing): searches for vulnerabilities directly in the code.
      SCA (Software Composition Analysis): detects vulnerable and outdated libraries, checks their licensing.
      Container Security: scans containers for vulnerabilities.

    • This allows teams to centralize all findings, conveniently manage vulnerabilities from a single interface, and correlate DAST and SAST results to better understand the risks in applications.

    An add-on for API discovery – API Security – can be added to the platform. It allows teams to find undocumented and lost APIs, as well as synchronize the latest versions of definitions through integration with their management systems.

    Invicti Security also has an Application Security Posture Management (ASPM) product – Invicti ASPM. It allows teams to centralize all scans and vulnerabilities from different security scanners into a single tool.

    FAQ

    How does DAST (black-box testing) work in Invicti?

    Dynamic Application Security Testing (DAST) safely imitates the actions of an attacker, thereby detecting vulnerabilities in web resources.

    What is IAST (gray-box testing) in Invicti?

    IAST is an additional component that extends the functionality of Dynamic Application Security Testing (DAST). An agent on the web server analyzes the code of a running website, improving coverage during testing, which helps to find more vulnerabilities.
    In addition, when technically possible, IAST provides the line number of the code in a specific file that needs to be fixed. This enables faster remediation, which is especially important in the case of critical vulnerabilities.

    Does Invicti confirm the vulnerabilities found?

    The solution confirms 94% of serious vulnerabilities. This is mostly done with proof of their exploitation.

    Is the solution capable of testing APIs?

    Yes, the platform supports REST, SOAP, GraphQL and gRPC API testing.

    Is integration with ticketing systems and CI/CD possible?

    Yes, a large number of integrations are available, including Jira, Jenkins, GitLab, GitHub, Azure.

    Does the solution provide reports?

    Yes, the platform can generate detailed reports in various formats (HTML, PDF), including reports for compliance with standards such as PCI DSS, ISO 27001 and OWASP Top 10. Export of vulnerabilities in XML format is also available, etc.

    How does the integration with Mend.io work?

    The platform provides an opportunity to receive scan results from Mend.io and have centralized visibility into findings from DAST, IAST, SAST, SCA, container security in one console.

    What are the deployment options?

    The solution supports on-premises, cloud and hybrid deployment.

    Can the solution be tested for free?

    Yes, a free temporary license for testing can be provided. To receive it, please contact us in a way convenient for you.