Netsparker by Invicti Overview

Netsparker by Invicti is the #10 ranked solution in our list of AST tools. It is most often compared to OWASP Zap: Netsparker by Invicti vs OWASP Zap

What is Netsparker by Invicti?

Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead accurate Proof-Based scanning technology does not just report vulnerabilities, it also produces a Proof of Concept to confirm they are not false positives, freeing you from having to double check the identified vulnerabilities.

Netsparker by Invicti is also known as Mavituna Netsparker.

Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: October 2021

Netsparker by Invicti Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Pricing Advice

What users are saying about Netsparker by Invicti pricing:
  • "Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

Netsparker by Invicti Reviews

VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Top 5
A customizable security testing solution with good tech support, but the price could be better

Pros and Cons

  • "The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
  • "The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."

What is our primary use case?

We use Netsparker by Invicti to run tests for application security based on OWASP Top 10.

What is most valuable?

The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support.

What needs improvement?

The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it.

Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. 

It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support.

For how long have I used the solution?

I have been using Netsparker by Invicti for about five years.

What do I think about the stability of the solution?

We haven't had any problems with stability.

What do I think about the scalability of the solution?

Scalability is simple because we are using it as a standalone application at the moment. It's installed in one of our testing environments. So, I cannot really comment about scalability. We have about three to five people using it at the moment.

How are customer service and technical support?

Tech support is really wonderful, and they are very helpful and prompt with responses as well. If we have some queries regarding macros, regarding the APIs, the customer support is really good, and they have good recommendations as well.

How was the initial setup?

The initial setup is straightforward. 

What's my experience with pricing, setup cost, and licensing?

Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license.

Which other solutions did I evaluate?

There are different products in the market for DAST like Micro Focus, IBM AppScan, Acunetix, and Burp Suite. All these products have their pros and cons. Netsparker is really good, and it has a vast variety for security checks, plugins, that could be used for finding vulnerabilities.

What other advice do I have?

I would tell potential users that it's really one of the best products in the market for web application security or Dynamic Application Security Testing (DAST). The licensing part is challenging, but they might get a good deal out of the Netsparker team.

On a scale from one to ten, I would give Netsparker by Invicti a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SS
Consultant Cyber Security at a tech services company with 51-200 employees
Consultant
Top 5
A fast solution that is easy to deploy, configure, and use

Pros and Cons

  • "I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
  • "They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

What is most valuable?

I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool.

It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy.

What needs improvement?

They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams.

It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one.

For how long have I used the solution?

We started to use Netsparker Web Application Security Scanner in February of this year. We are using its latest version.

What do I think about the stability of the solution?

It is pretty stable. 

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

We engage with the local partner and the distributor here for support. We are satisfied with the support here.

How was the initial setup?

The initial setup wasn't a problem for me. I have been using these security tools for a while now.

Which other solutions did I evaluate?

I also use Micro Focus Fortify. The difference is mainly in the UI. I haven't really got into the comparison between the output of the scans, but I was really impressed by the UI and the ease of use of Netsparker Web Application Security Scanner.

What other advice do I have?

I would recommend this solution. I haven't really researched other products, but for me, Netsparker Web Application Security Scanner is a benchmark right now.

I would rate Netsparker Web Application Security Scanner an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SS
Consultant Cyber Security at a tech services company with 51-200 employees
Consultant
Top 5
A good interface that makes it easy to use, and the tool is really fast

Pros and Cons

  • "This tool is really fast and the information that they provide on vulnerabilities is pretty good."
  • "Right now, they are missing the static application security part, especially web application security."

What is our primary use case?

We are a consulting firm and we provide implementation and deployment of solutions to our customers.

What is most valuable?

I am very much impressed by the whole technology.

This tool is really fast and the information that they provide on vulnerabilities is pretty good.

The UI is good and it is really easy to use.

What needs improvement?

With respect to the algorithm that Netsparker is running, they don't really provide the proof of concept up to the level that we need, here in the organization. Specifically, because the tool is running the scan and exploiting the read-only version, it doesn't prove to the customer that the exploit is genuine. We have to perform this manually, but it is difficult to prove to the concerned team, whether it is the development team, the remediation team, or the security team.

Right now, they are missing the static application security part, especially web application security. If they can integrate a SaaS tool with their dynamic one then it would be really helpful.

For how long have I used the solution?

I have been working with Netsparker for several months.

What do I think about the stability of the solution?

We have not experienced any bugs or glitches, so it seems stable.

What do I think about the scalability of the solution?

Scalability-wise, it is pretty good.

How are customer service and technical support?

We have been engaged with the local partner and we get a good level of support.

Which solution did I use previously and why did I switch?

We also use Micro Focus Fortify and I have not had a chance to compare the scans, but I prefer the interface and ease of use with Netsparker. It is really easy to configure and deploy, as well as communicate this to the client.

How was the initial setup?

The initial setup was not a problem for me, as I have been using these security tools for a while.

What other advice do I have?

Overall, I am satisfied with Netsparker. However, I cannot say at this point that I would recommend it because although it is good, I will now be using it as a benchmark for evaluating other products.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ahmed S. Younis
Retail Services Senior Manager at e-finance
Real User
Top 10
Very high level of accuracy and speedy scanning

Pros and Cons

  • "High level of accuracy and quick scanning."

What is our primary use case?

Our primary use case is for web applications but rather than being in a production environment, it's in a testing environment. We check for vulnerabilities found in the test environment and remediate them. Following that, we publish the web application for web production. We are customers of Netsparker and I'm the retail services senior manager.

What is most valuable?

The most valuable features that I've found in this solution were the level of accuracy and also that the process of scanning was very quick and we're easily able to change the frame of a scan. I use many applications and security management tools and the accuracy is important for me. Other solutions like NetBus don't have such an accurate timeline.

What needs improvement?

Improvement could be made in the area of production. Features like macro recording that I've used in other solutions would improve this product. Recording macro for complex applications, especially web applications where there is a complex web application for login or logout format. We could record the macro for login to make a dynamic scanning process, which makes it easier to scan methodology. We need to be able to record the macro. I think a feature like that would add a lot to the solution.

For how long have I used the solution?

I've been using this solution for three months.

What do I think about the stability of the solution?

I think the stability of the Netsparker enterprise product is very cool. And the application scanning was very successful. No timeouts, no downtime; the stability and the service were very, very good.

How are customer service and technical support?

I'm satisfied with the technical support.

How was the initial setup?

Initial setup was straightforward and didn't take much time. It was smooth and successful.

What other advice do I have?

This is not a simple solution, there is a complexity there. A lot of companies here don't like the idea of using a cloud provider or cloud application for scanning. We prefer to have stand-alone applications and not use the cloud. It's something they could offer, like Qualys.

I would rate this solution an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MM
Senior Quality Control Manager at an insurance company with 51-200 employees
Real User
Top 20
Great reporting review tool and very stable with an easy initial setup

Pros and Cons

  • "The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
  • "The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."

What is our primary use case?

We primarily used the solution as a proof of concept, using it for assessing the security of one of our web applications.

What is most valuable?

The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports.

What needs improvement?

The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them.

For how long have I used the solution?

I've been using the solution for about two months.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

As I was only working on the demo version of the solution, I can't speak to how scalable it would be.

How are customer service and technical support?

The technical support team was very helpful. They offered me a demo before I started using the tool, and the demo was very impressive.

Which solution did I use previously and why did I switch?

We previously used a different tool, but it was also a demo, like Netsparker. We wanted to try Netsparker, so we moved to their demo.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

I handled the implementation myself.

Which other solutions did I evaluate?

I tried some different tools. Some of them were full versions whereas others were demo versions like Netsparker.

What other advice do I have?

We're using a demo of the latest version for a POC. We used the on-premises deployment model.

I'd recommend Netsparker for anyone who wants to make a security assessment for web applications.

I'd rate the solution nine out of ten. The tool is full of useful features. However, the intercepting reviews in terms of web requests need some enhancements to be more usable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.