PeerSpot user
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Consultant
Efficient in highlighting medium-low vulnerabilities. However, Cross-Site Scripting, SQL Injection and other higher level injection attacks are difficult to highlight.
Pros and Cons
  • "The scanner is light on the network and does not impact the network when scans are running."
  • "The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."

What is our primary use case?

This product is mainly required for Automated Web Application Security Testing. We used the product over a shared directory.

How has it helped my organization?

It was very effective in highlighting the low- and medium-level vulnerabilities which are generally easy to miss. In certain cases we observed that high-level vulnerabilities could be pointed out with ease.

What is most valuable?

The scanner is light on the network and does not impact the network when scans are running. It is very efficient in highlighting medium-low vulnerabilities. These vulnerabilities may be missed during in-depth testing, but Netsparker can find them very easily.

What needs improvement?

The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker.

Buyer's Guide
Application Security Tools
April 2024
Find out what your peers are saying about Invicti, PortSwigger, HCLTech and others in Application Security Tools. Updated: April 2024.
770,141 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product is highly stable and does not create any issues.

What do I think about the scalability of the solution?

It is available across different platforms and is highly scalable.

How are customer service and support?

The technical support team was highly responsive and we used to get regular emails from their side, i.e., whenever there were any issues or new releases. In fact, the customer service is the best when compared to other competitor products.

Which solution did I use previously and why did I switch?

Since the time I have been associated with this company, we have constantly used Netsparker as one of our tools.

How was the initial setup?

The setup is very straightforward and as it is connected to the network, it is very easy to update the product on a regular basis.

What's my experience with pricing, setup cost, and licensing?

In our organization, we had a separate team which looked after the pricing and licensing policies. However, we never had any issues with the licensing; the price was within our assigned limits.

Which other solutions did I evaluate?

We do use other products to confirm our results, namely Burp Suite, Nessus, Qualys Inc., etc. Each product is used for a different stage of testing.

What other advice do I have?

It is a highly scalable and multi-user platform. You need to ensure that you have a virtual machine connected to the internet for most of the system, as there are weekly and monthly updates.

Disclosure: My company has a business relationship with this vendor other than being a customer: We consider Netsparker as our partner.
PeerSpot user
it_user696993 - PeerSpot reviewer
Senior Information Security Consultant at a tech services company
Consultant
Its ability to crawl a web application is quite different from other similar scanners.
Pros and Cons
  • "Its ability to crawl a web application is quite different from other similar scanners."
  • "Maybe the ability to make a good reporting format is needed."

What is most valuable?

Its ability to crawl a web application is quite different from other similar scanners.

Sometimes, it can find more vulnerabilities that other scanners can't. Usually, I have used both scanners so that I can get more results.

How has it helped my organization?

I’m not sure about the improvement part for our organization since I have only used this product for three months.

What needs improvement?

Maybe the ability to make a good reporting format is needed.

For how long have I used the solution?

I got the trial license for about three months.

What do I think about the stability of the solution?

There were no stability issues.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and technical support?

I have never contacted technical support.

Which solution did I use previously and why did I switch?

We did not switch solutions, just tried different tools to see the results.

How was the initial setup?

The setup is easy and straightforward, because I was using Windows.

Which other solutions did I evaluate?

My office gave me the trial license and told me to try out these products. That’s it. Just compared it to other similar tools such as NeXpose and Acunetix.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user490131 - PeerSpot reviewer
Software Quality Assurance Analyst at a real estate/law firm with 5,001-10,000 employees
Vendor
It has improved the security of our code by scanning it and finding security defects.

Valuable Features

The product’s most valuable features are its security scanning features.

Improvements to My Organization

It has improved the security of our code by scanning it and finding security defects.

Room for Improvement

Speed: It spends about one hour on scanning; I would like it to be less than 30 minutes. Because our solution is large, NetSparker spends about one hour on scanning our code. It also depends on network speed, and just like anti-virus software, the scan time is a key performance requirement for NetSparker. The less the better. Thank you.

Use of Solution

I have used it for two years.

Stability Issues

I did not encounter any stability issues.

Scalability Issues

I did not encounter any scalability issues.

Customer Service and Technical Support

Technical support is good.

Initial Setup

Initial setup is not complex. Just follow the instructions.

Pricing, Setup Cost and Licensing

Price is not the key point.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Founder at a tech services company with self employed
Real User
Has a low number of false positives but the program should be more affordable
Pros and Cons
  • "One of the features I like about this program is the low number of false positives and the support it offers."
  • "Netsparker doesn't provide the source code of the static application security testing."

What is our primary use case?

Our primary use case of this solution is to assess the security of our web applications.

What is most valuable?

One of the features I like about this program is the low number of false positives and the support it offers. 

What needs improvement?

The program uses technology that is different from application scanners. It's not an incremental solution. It could be a new product, but I'm not knowledgeable enough to know which products are part of a suite. Netsparker doesn't provide the source code of the static application security testing. I would love to see a completion of the offering with statistical analysis.

Every customer has its own nuance, so I don't think it's really an issue when it comes to the user interface. Every customer has something that they would like different because they're used to something different. In my opinion, there is not very much to mention besides changing as little as possible. Something that Microsoft often does is to change things with every release, and users don't like that.

I would also like to see the price being at least 20% cheaper because the market is currently very crowded and there are many vendors and clients. A lower price will get more sales.

For how long have I used the solution?

I have been using Netsparker for almost ten years now.

What do I think about the stability of the solution?

The solution is quite stable.

What do I think about the scalability of the solution?

When it comes to scalability, we tend to do one test at a time. It could be faster but there is always a trade-off between speed and accuracy. Accuracy is more important than speed.

How are customer service and technical support?

I rate the technical support seven out of ten, which is average to me. I don't have special requests that would stress a support team and so far my issues were resolved in a reasonable time. Should I have an emergency, I believe they will be very responsive.

How was the initial setup?

The initial setup is quite straightforward.

What other advice do I have?

There are many average products on the market, but I prefer Netsparker because to me wasting time chasing false positives is the worst thing that can happen. Accuracy is the most important thing to me. I rate Netsparker eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user494973 - PeerSpot reviewer
Software Quality Assurance Engineer at ITONICS GmbH
Real User
I would highly recommend implementing this product to those who really care about the vulnerabilities and security of their products/applications
Pros and Cons
  • "When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
  • "It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."

What is our primary use case?

The primary use case of this solution is to check the major vulnerabilities of the product such as SQL injection, XSS exploitation, Broken Authentication, Upload File Inclusion, CSRF, etc.

How has it helped my organization?

When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done.

With this wonderful tool, we can easily point out the outstanding reports of "Important", "Medium", "Low", and "Information" cases of vulnerabilities. Apart from that, it also visualizes what's wrong with the server, such as an outdated version, authorization, version disclosure, etc.

What is most valuable?

I like the way it provides the comprehensive result explaining the vulnerabilities which have been found along with how we can exploit those vulnerabilities with an example.

What needs improvement?

When scanning a large web-based application, it tends to process slowly and takes a long time, especially on the crawling and attacking part. It would be better if that part did not take so much time.

Apart from that, it would be better for listing and attacking Java-based web applications to exploit vulnerabilities.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Till now, no.

What do I think about the scalability of the solution?

Yes, sometimes it hangs up when running large web-based applications.

How are customer service and technical support?

9 out of 10.

Which solution did I use previously and why did I switch?

Yes, I have used Acunetix, and the reason I switched to Netsparker would be:

The performance I found on Acunetix was very slow. It would take something like a day if I had to scan our web-based application product. That is not reliable when you are working with those clients who want a quick response.

How was the initial setup?

I found it straightforward, and anyone can set up this solution. However naive or rookie you are, you may have obstacles setting up LDAP login or browser authentication.

What's my experience with pricing, setup cost, and licensing?

I would definitely recommend to those who really want to know in-depth details of their applications/products regarding the security of their web system.

Which other solutions did I evaluate?

No, I haven't.

What other advice do I have?

Like I wrote earlier, I would highly recommend implementing this product to those who really care about the vulnerabilities and security of their products/applications.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user494973 - PeerSpot reviewer
Software Quality Assurance Engineer at ITONICS GmbH
Real User
It provides the comprehensive reports in various formats such as PDF and HTML.

What is most valuable?

I like the way Netsparker provides the comprehensive reports in various formats such as PDF, HTML, etc., which are enough to understand what's going on with our web application.

How has it helped my organization?

When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done. By using this wonderful tool, we can easily see on the outstanding reports "Important", "Medium", "Low", and "Information" vulnerabilities. Apart from that, it also visualizes what's wrong with a server such as an outdated version, authorization, version disclosure, etc.

What needs improvement?

Sometimes, it is slow; when we are running this application and browsing other applications concurrently, it makes other applications work slow. Besides that, it seems fine.

When I use Netsparker along with other applications, such as testing web apps on browsers like Chrome or Firefox, for a little longer than normal, there are issues that might be due to high CPU usage. I'm unable to work on other applications (mainly browsers such as Chrome/Firefox) and ultimately it hangs and takes time to browse in browsers.

For how long have I used the solution?

I have used it for most of the cases when I have to check vulnerabilities and other security exploitation. So, it's been like six months.

What was my experience with deployment of the solution?

I have not used this feature. I will let you know when I am done with deployment.

What do I think about the stability of the solution?

Until now, I have not encountered any stability issues.

What do I think about the scalability of the solution?

It sometimes hangs when running large web-based applications.

How are customer service and technical support?

The way they are communicating with users like us, yeah, we can give them 9 out of 10. :)

Which solution did I use previously and why did I switch?

I have used Acunetix. The reason I switched to Netsparker would be that the performance I found on Acunetix was very slow. It would take something like a day if I had to scan our web-based application product. That is not reliable when you are working with clients who want a quick response regarding how the application performs.

How was the initial setup?

I found initial setup to be straightforward; anyone can set up this solution.

What about the implementation team?

Not from a vendor team.

What's my experience with pricing, setup cost, and licensing?

The price seems to be reliable.

Which other solutions did I evaluate?

No, I did not evaluate other options.

What other advice do I have?

I would definitely recommend it to those who really want to know in-depth details of their applications/products regarding security.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant Cyber Security at a tech services company with 51-200 employees
Consultant
A fast solution that is easy to deploy, configure, and use
Pros and Cons
  • "I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
  • "They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

What is most valuable?

I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool.

It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy.

What needs improvement?

They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams.

It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one.

For how long have I used the solution?

We started to use Netsparker Web Application Security Scanner in February of this year. We are using its latest version.

What do I think about the stability of the solution?

It is pretty stable. 

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

We engage with the local partner and the distributor here for support. We are satisfied with the support here.

How was the initial setup?

The initial setup wasn't a problem for me. I have been using these security tools for a while now.

Which other solutions did I evaluate?

I also use Micro Focus Fortify. The difference is mainly in the UI. I haven't really got into the comparison between the output of the scans, but I was really impressed by the UI and the ease of use of Netsparker Web Application Security Scanner.

What other advice do I have?

I would recommend this solution. I haven't really researched other products, but for me, Netsparker Web Application Security Scanner is a benchmark right now.

I would rate Netsparker Web Application Security Scanner an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant Cyber Security at a tech services company with 51-200 employees
Consultant
A good interface that makes it easy to use, and the tool is really fast
Pros and Cons
  • "This tool is really fast and the information that they provide on vulnerabilities is pretty good."
  • "Right now, they are missing the static application security part, especially web application security."

What is our primary use case?

We are a consulting firm and we provide implementation and deployment of solutions to our customers.

What is most valuable?

I am very much impressed by the whole technology.

This tool is really fast and the information that they provide on vulnerabilities is pretty good.

The UI is good and it is really easy to use.

What needs improvement?

With respect to the algorithm that Netsparker is running, they don't really provide the proof of concept up to the level that we need, here in the organization. Specifically, because the tool is running the scan and exploiting the read-only version, it doesn't prove to the customer that the exploit is genuine. We have to perform this manually, but it is difficult to prove to the concerned team, whether it is the development team, the remediation team, or the security team.

Right now, they are missing the static application security part, especially web application security. If they can integrate a SaaS tool with their dynamic one then it would be really helpful.

For how long have I used the solution?

I have been working with Netsparker for several months.

What do I think about the stability of the solution?

We have not experienced any bugs or glitches, so it seems stable.

What do I think about the scalability of the solution?

Scalability-wise, it is pretty good.

How are customer service and technical support?

We have been engaged with the local partner and we get a good level of support.

Which solution did I use previously and why did I switch?

We also use Micro Focus Fortify and I have not had a chance to compare the scans, but I prefer the interface and ease of use with Netsparker. It is really easy to configure and deploy, as well as communicate this to the client.

How was the initial setup?

The initial setup was not a problem for me, as I have been using these security tools for a while.

What other advice do I have?

Overall, I am satisfied with Netsparker. However, I cannot say at this point that I would recommend it because although it is good, I will now be using it as a benchmark for evaluating other products.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Application Security Tools Report and find out what your peers are saying about Invicti, PortSwigger, HCLTech, and more!
Updated: April 2024