Invicti Security is a web application security company dedicated to providing automated and accurate security testing for businesses of all sizes. Its core mission is to deliver application security with “zero noise,” meaning it aims to eliminate false positives and provide actionable results. Invicti’s primary goal is to enable organizations to continuously scan and secure all of their web applications and APIs at the speed of innovation. The company strives to help development and security teams (DevSecOps) integrate security into their existing workflows, making it a fundamental part of the development lifecycle.
Invicti has established a strong market reputation as a leader in Dynamic Application Security Testing (DAST). The company was formed by bringing together two established web application security solutions, Netsparker and Acunetix. Invicti is recognized for its proprietary Proof-Based Scanning Technology, which automatically verifies the exploitability of identified vulnerabilities. This focus on accuracy and automation has garnered positive reviews for reducing the time security teams spend on manual verification. The company serves a global client base across various industries, including government, IT, and financial services.
Offerings, Capabilities, and Integrations
Invicti Security provides a comprehensive suite of application security solutions centered around its Dynamic Application Security Testing (DAST) technology. The company’s offerings are designed to automatically scan and identify vulnerabilities in web applications, web services, and APIs. A key competitive advantage for Invicti Security is its “proof-based scanning,” which validates the exploitability of identified vulnerabilities to minimize false positives and allow security teams to prioritize genuine threats. This focus on accuracy, combined with automation and scalability, allows organizations to integrate security testing throughout the software development lifecycle (SDLC), a practice known as DevSecOps. Invicti Security’s platforms are built to provide a holistic view of an organization’s web application portfolio and integrate with a wide array of development and security tools. The company offers extensive integrations with CI/CD pipelines, issue tracking systems, and vulnerability management platforms, which facilitates seamless incorporation into existing developer workflows.
Products and Services
Invicti Security’s product portfolio is the result of combining the strengths of two DAST leaders: Netsparker and Acunetix. The company’s offerings are now unified under the Invicti brand.
- Invicti with DAST: This is the company’s flagship offering, providing automated web application and API security testing. It is designed to scan thousands of applications to identify and confirm vulnerabilities. The platform combines Dynamic Application Security Testing (DAST) with Interactive Application Security Testing (IAST) and Software Composition Analysis (SCA) for more comprehensive coverage.
- Acunetix by Invicti: Although it is being integrated into the core Invicti brand, Acunetix remains a distinct product offering. It is also a web application security scanner, known for its speed and automation capabilities.
- Invicti Shark (IAST): This Interactive Application Security Testing (IAST) tool works with the DAST engine to confirm more vulnerabilities and reduce false positives. It requires an agent to be deployed on the web server and supports languages like PHP, .NET, Java, and Node.js.
- Integrations: Invicti provides numerous out-of-the-box integrations with popular tools in the software development lifecycle. These include issue tracking systems (like Jira, Azure Boards, and GitLab), CI/CD platforms (like Jenkins and Azure Pipelines), and vulnerability management systems (like ServiceNow).
- Predictive Risk Scoring: A newer innovation that uses AI to predict the likelihood of a web asset being at risk even before a scan is conducted.
Target Customers
Invicti Security targets a broad range of customers, from small and medium-sized businesses to large enterprises, including those in the public sector. The company serves organizations across various industries that need to secure a large number of web applications and APIs. Its solutions are particularly beneficial for companies with established DevSecOps practices or those looking to integrate security into their development processes. The primary users within these organizations are security teams and developers. By providing automated and accurate vulnerability assessments, Invicti Security enables these teams to efficiently manage and remediate security risks, reduce the time and cost associated with security incidents, and ensure compliance with standards like PCI DSS. The ability to integrate with developer tools helps bridge the gap between security and development teams, fostering a collaborative approach to application security.
Cloud Integrations and Marketplaces
Invicti Security provides a range of cloud integrations and is present on major cloud marketplaces, facilitating the incorporation of its security solutions into customers’ existing cloud environments and procurement processes.
- Microsoft Azure: Invicti’s application security testing solutions are available on the Microsoft Azure Marketplace. This allows customers to purchase and deploy Invicti’s products through their existing Microsoft Azure agreements, which can contribute to their annual spending commitments. The integration simplifies procurement and management through unified billing and subscription management. Invicti also offers built-in integration with Azure Pipelines for incorporating vulnerability scanning into the CI/CD process and supports single sign-on with Microsoft Entra ID (formerly Azure Active Directory). Furthermore, Invicti Enterprise can be integrated with Azure Boards for issue tracking, allowing for the automatic creation and management of work items based on scan results.
- Amazon Web Services (AWS): Invicti Security’s solutions are offered on the AWS Marketplace through both public and private listings. This enables customers to procure Invicti’s services using their existing AWS cloud agreements, simplifying the purchasing process and potentially counting towards their annual AWS spend. Invicti Enterprise can be configured to run scanner agents on AWS, automatically creating and terminating instances for scans. The company also provides integration with AWS Web Application Firewall (WAF) and Amazon API Gateway.
- Google Cloud: While Invicti offers single sign-on integration with Google for its products, it does not have a direct listing on the Google Cloud Marketplace. A search on the Google Cloud Marketplace for “Invicti Security” does not yield any direct results for its products.
Key People
- CEO: Michael George.
- President: Kevin Gallagher.
- Founder and Strategic Advisor: Ferruh Mavituna.
- Chief Product Officer: Sonali Shah.
- CFO: Jeff Bray.
- Chief People Officer: Kellie Vugrincic.
- Chief Marketing Officer: Alex Bender.
- Chief Engineering Officer: John Mandel.
- Chief Customer Officer: Mike Mattos.
- CTO and Head of Security Research: Frank Catucci.
- Chairman of the Board: Gerhard Watzinger.
- CISO, VP of Information Security: Matthew Sciberras.
Key Facts
- Headquarters Location: Austin, Texas, United States.
- Number of Employees: 300-500.
- Annual Revenue: Approximately $64 million.
- Parent Company: Summit Partners.
- Subsidiary Companies: Acunetix, Netsparker.
- Publicly Listed: No.
Analyst Recognition
Gartner has recognized Invicti Security in the Application Security Testing (AST) category. In 2022, Gartner positioned Invicti as a Challenger in its Magic Quadrant for Application Security Testing. This followed its first inclusion in the 2021 Magic Quadrant for the same category. Additionally, Invicti’s products were named a Gartner Peer Insights Customers’ Choice for Application Security Testing in 2020.
There is no information available from Forrester, IDC, or Everest Group that includes Invicti Security in a formal analyst report or designates a specific role for the company within a defined technology category.