Invicti Security Releases Enterprise-Class IAST Solution

Netsparker adds depth to web application security testing with new module

AUSTIN, TEXAS – March 30, 2021 – Invicti Security™, a global leader in web application security, today announced that it has added Interactive Application Security Testing (IAST) capabilities to Netsparker, its award-winning web application security scanner. The IAST sensor works hand-in-hand with Netsparker’s Dynamic Application Security Testing (DAST) solution to provide deeper insights into runtime issues, and to identify and test local assets that crawlers can’t see. 

Recent research by IBM Security estimates the average cost of a data breach to be $3.86 million, with the average time to identify and contain one reaching 280 days. To be effective, modern web application security testing must combine the widest possible test coverage with the accuracy required to efficiently isolate and resolve vulnerabilities. Netsparker’s combined dynamic and interactive (DAST + IAST) approach to scanning provides customers with three key benefits:

  • More complete scanning: IAST sensors inspect the application “from the inside” and scan parts of the application that a DAST scanner alone could not see
  • Additional verification: DAST + IAST scanning analyzes the application’s runtime behavior to provide additional confirmation of vulnerabilities for directly actionable results
  • Better insight for remediation: IAST scanning can provide line-of-code level details on where vulnerabilities exist, so developers and security pros can address them more quickly and with less manual effort

“Adding IAST to Netsparker means that this solution now provides even more actionable results to dev teams so they can remediate vulnerabilities,” said Ferruh Mavituna, founder of Netsparker and CEO of Invicti Security. “Runtime insights extend an organization’s ability to confidently automate application security testing so they can scale their security operations.”

IAST provides more detailed information about vulnerabilities and possible attack payloads that enable security engineers and Netsparker itself to triage issues faster and more accurately. The insights provided by IAST also help bring developers closer to security with a deeper understanding of security issues in their code.  

“Adding the extra vulnerability details from IAST to our existing Proof-Based Scanning changes the dynamics of application security testing, and we’re getting great feedback from customers,” said Mike Mattos, Invicti Security Senior Vice President of Customer Success. “This is another advancement in Netsparker’s approach to helping developers and security teams work more effectively together to improve an organization’s security posture.”

Combined with the right internal organization and workflows, Netsparker can be set up and used as a fully automated application security platform, allowing companies to shift the entire vulnerability resolution process to the development level.

This new capability expands Invicti Security’s offering across its product portfolio and was developed with the help of the same team that originally created one of the first commercial IAST implementations nearly a decade ago in Acunetix, another Invicti Security product.  

Additional details about Netsparker DAST + IAST can be found in this white paper or with a product demo.

About Invicti Security

Invicti Security is changing the way web applications are secured. A global leader in web application security for more than 15 years, Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture. Invicti’s product Netsparker delivers industry-leading enterprise web application security, while Acunetix is designed for small and medium-sized companies. Invicti is backed by Turn/River Capital, and is headquartered in Austin, Texas, with offices in London, Malta, and Istanbul.

This press release was originally published on PR Newswire.