Analysis of over 500K vulnerability reports over six years indicates enterprises can save 9,760 hours and $488,000 annually

Invicti Security, a global innovator in application security, today announced the results of an extensive analysis of six years’ worth of real-world vulnerability data processed by the Invicti Enterprise solution.

New Invicti research reveals Proof-Based Scanning automatically confirms 94% of direct-impact vulnerabilities with 99.98% accuracy

Austin, TX, September 28, 2021 – Invicti Security™, a global innovator in application security, today announced the results of an extensive analysis of six years’ worth of real-world vulnerability data processed by the Invicti Enterprise solution. The research found that Invicti’s Proof-Based Scanning technology automatically confirmed 94% of direct-impact vulnerabilities with a confirmation accuracy of 99.98%. In other words, only 0.02% were later found to be false positives. 

The analysis of anonymized customer data suggests the following trends: 

  • Security teams suffer from alert overload: The average security team manages more than 500 websites and applications, each of which annually generates an average of 20 vulnerabilities. This means security teams are responsible for validating a staggering 10,000 vulnerabilities per year.
  • False positives in scan results cost time (and money): With the average time to manually investigate a vulnerability estimated at one hour, enterprise security teams are spending nearly 10,000 hours a year checking unreliable vulnerability reports. Invicti found that this lost time could cost enterprises as much as half a million dollars annually.
  • Manual vulnerability verification delays remediation and detracts from valuable security work: Deploying accurate automated vulnerability confirmation enables issues to be remediated quickly and frees security professionals’ time so it can be spent on high-value security and development projects. 

Proof-Based Scanning provides confirmation where it matters most: for vulnerabilities that are directly exploitable by attackers. Over the last decade, Invicti’s security researchers and developers have used vulnerability data to continuously refine the product by identifying real-life edge cases and incorporating them into the Invicti security checks. With this level of accuracy, the proof-based approach does double duty: ensuring trustworthy results and demonstrating that if an automated testing tool can get through, so can malicious actors. Most importantly, accurate results that can be routed directly to remediation so that vulnerabilities are fixed much faster.

“Throughout our history, we’ve understood the value of listening to those on the front lines of addressing security issues – security engineers and developers,” said Ferruh Mavituna, Invicti founder. “We’ve used this insight to continually shape and improve our technology, and today are proud to offer a solution that is proven to help development and security cut through the noise so they can focus on delivering valuable innovation without compromising security.” 

Delivering innovative AppSec solutions since 2005, Invicti has protected more than 800,000 websites for over 3,100 customers globally. For the first time, Invicti was included this year in the 2021 Gartner Magic Quadrant for Application Security Testing. The company has also recently been recognized by G2 as a Momentum Leader for its products, won two Cyber Defense Global InfoSec Awards this year, and is also the recipient of a 2021 Globee Award for Cyber Security Global Excellence

Click here for the white paper and here for the infographic reflecting Invicti’s six-year analysis of anonymized customer vulnerability data. 

About Invicti Security

Invicti Security is changing the way web applications are secured. A global leader in web application security for more than 15 years, Invicti provides dynamic and interactive application security products to help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers to improve their overall security posture. Invicti is headquartered in Austin, Texas, and serves organizations of all sizes all over the world.

Media Contact:

Anya Nelson
Scratch Marketing + Media for Invicti Security

This press release was originally published on PR Newswire.