Cyber Tool Stack
All tools

Invicti

By Invicti Security

An enterprise DAST platform, renamed from Netsparker in 2021, built around proof-based scanning that safely re-exploits a finding to confirm it's real before it reaches a report. Increasingly bundled with SCA and ASPM correlation following Invicti Security's 2025 acquisition of Kondukto.

Verified Source: 1

Product type
Software
Deployment
SaaSOn-prem
Organization size
Mid-marketEnterprise
Pricing tier
$$$

Capability checklist

DAST

How Invicti measures up against the full Dynamic Application Security Testing taxonomy.

Black-box scanning — supported
Tests a running application from the outside, without access to source code.
Authenticated scanning — supported
Crawls and tests pages that require a logged-in session.
API scanning — supported
Tests REST and GraphQL APIs, not just traditional web pages.
CI/CD scan automation — supported
Runs scans automatically as part of the build and deploy pipeline.
Automated finding verification — supported
Confirms exploitability of findings to cut down false positives.
OWASP Top 10 coverage — not supported
Tests for the industry-standard set of common web application vulnerability classes.

Alternatives

Other Dynamic Application Security Testing tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.