Invicti (formerly Netsparker)

paid · Founded 2009 · cloud / on-prem

Enterprise DAST + IAST with Proof-Based Scanning — annual contracts, quote-only.

Provides 'Proof-Based Scanning' to automatically confirm many vulnerabilities, reducing false positives.
Combines both DAST and IAST scanning techniques for broader vulnerability coverage.
Offers both cloud-based and on-premises deployment options to fit different security policies.

Pricing is not public; requires a custom quote and an annual contract commitment.
No free tier or monthly plan is available for smaller projects or evaluation.
The feature set is complex and geared towards enterprise use, potentially overwhelming smaller teams.

Tags: web-appapidastiastenterprisecloud

Alternatives to Invicti (formerly Netsparker)

paid

Unified AppSec platform consolidating SAST/SCA/IAST/API/IaC. Quote-based, public minimums ~$30,000/yr.

paid

Mature commercial DAST scanner from Invicti — quote-based, generally $4,500+/yr per target tier.

paid

Continuous DAST + manual pentest hybrid — published pricing $199-$5,999/yr, popular with SaaS startups.

paid

API-first DAST scanner with developer ergonomics — published from $59/mo for a single target.