New Invicti research reveals Proof-Based Scanning automatically confirms 94% of direct-impact vulnerabilities with 99.98% accuracy
Austin, TX, September 28, 2021 – Invicti Security™, a global innovator in application security, today announced the results of an extensive analysis of six years’ worth of real-world vulnerability data processed by Invicti’s Netsparker solution. Within this research, Invicti found that Netsparker’s Proof-Based Scanning technology automatically confirmed 94% of direct-impact vulnerabilities with a confirmation accuracy of 99.98%. In other words, only 0.02% were later found to be false positives.
The analysis of anonymized customer data suggests the following trends:
- Security teams suffer from alert overload: The average security team manages more than 500 websites and applications, each of which annually generates an average of 20 vulnerabilities. This means security teams are responsible for validating a staggering 10,000 vulnerabilities per year.
- False positives in scan results cost time (and money): With the average time to manually investigate a vulnerability estimated at one hour, enterprise security teams are spending nearly 10,000 hours a year checking unreliable vulnerability reports. Invicti found that this lost time could cost enterprises as much as half a million dollars annually.
- Manual vulnerability verification delays remediation and detracts from valuable security work: Deploying accurate automated vulnerability confirmation enables issues to be remediated quickly and frees security professionals’ time so it can be spent on high-value security and development projects.
Proof-Based Scanning provides confirmation where it matters most: for vulnerabilities that are directly exploitable by attackers. Over the last decade, Invicti’s security researchers and developers have used vulnerability data to continuously refine the product by identifying real-life edge cases and incorporating them into the Netsparker security checks. With this level of accuracy, the proof-based approach does double duty: ensuring trustworthy results and demonstrating that if an automated testing tool can get through, so can malicious actors. Most importantly, accurate results that can be routed directly to remediation so that vulnerabilities are fixed much faster.
“Throughout our history, we’ve understood the value of listening to those on the front lines of addressing security issues – security engineers and developers,” said Ferruh Mavituna, founder and CEO at Invicti. “We’ve used this insight to continually shape and improve our technology, and today are proud to offer a solution that is proven to help development and security cut through the noise so they can focus on delivering valuable innovation without compromising security.”
Delivering innovative AppSec solutions since 2005, Invicti has protected more than 800,000 websites for over 3,100 customers globally. For the first time, Invicti was included this year in the 2021 Gartner Magic Quadrant for Application Security Testing. The company has also recently been recognized by G2 as a Momentum Leader for its Acunetix and Netsparker products, won two Cyber Defense Global InfoSec Awards this year, and is also the recipient of a 2021 Globee Award for Cyber Security Global Excellence.
About Invicti Security
Invicti Security is changing the way web applications are secured. A global leader in web application security for more than 15 years, Invicti provides dynamic and interactive application security products to help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers to improve their overall security posture. Invicti’s product Netsparker delivers industry-leading enterprise web application security, while Acunetix is designed for small and medium-sized companies. Invicti is headquartered in Austin, Texas and serves organizations all over the world.
Scratch Marketing + Media for Invicti Security
This press release was originally published on PR Newswire.