Invicti Plans


Fast and accurate application security results and automated remediation workflow for mid sized business with approximately 100 applications and APIs.

Get a demo


Fully automated application security platform for large enterprises seeking to continuously secure their entire web application and API attack surface.

Get a demo

Invicti Plans Comparison

Feature / Functionality
Free Trial Invicti Pro Invicti Enterprise
Delivery Cloud or On-Premises Cloud or On-Premises Cloud or On-Premises
Key Testing Features
Web Application Discovery & Testing Minus Mark Check Mark Check Mark
API Security Testing Minus Mark SOAP, REST, GraphQL API SOAP, REST, GraphQL API
Proof of exploit Minus Mark Check Mark Check Mark
Interactive Application Security Testing Minus Mark Check Mark Check Mark
Software Composition Analysis Minus Mark Check Mark Check Mark
Authenticated Scanning Minus Mark Check Mark Check Mark
Out-of-band vulnerability testing Minus Mark Check Mark Check Mark
PCI Compliance Scanner Minus Mark Minus Mark Check Mark
Scheduled Scanning Minus Mark Check Mark Check Mark
Vulnerability Retest Minus Mark Check Mark Check Mark
Scans per Target Minus Mark Unlimited Unlimited
Max Number of Scan Engines Minus Mark Unlimited Unlimited
User and Scan Management and Reporting
Single Sign On Minus Mark Minus Mark Google, PingIdentity, Okta, SAML, Azure AD, PingFederate, ADFS
User Roles and Privileges Minus Mark Basic Advanced
Scan Policy Editor and Optimizer Minus Mark Check Mark Check Mark
Executive dashboards Minus Mark Check Mark Check Mark
Full detailed scan report (including technical details about the vulnerabilities) Minus Mark Check Mark Check Mark
Remediation Advice Minus Mark Check Mark Check Mark
Number of Users Minus Mark Unlimited Unlimited
Flexible Support Options Minus Mark Check Mark Check Mark
Option to purchase Guided Success Minus Mark Check Mark Check Mark
CI/CD Systems Minus Mark Jenkins Jenkins, Azure Pipelines, Circle CI, Bamboo, GitHub Actions, GitLab CI/CD, Team City, and others
Issue Trackers Minus Mark Jira, GitHub, Microsoft TFS, Gitlab Jira, GitHub, Microsoft TFS, Gitlab, Azure Boards, Bugzilla, DefectDojo, Service Now, Jazz Team Server and others
Communication Systems Minus Mark Minus Mark Slack, Microsoft Teams, and others
Secrets Management Minus Mark Minus Mark Hashicorp, CyberArk
Vulnerability Management, SIEM Minus Mark Minus Mark Splunk, ServiceNow, Kenna
Cross Domain Identity Management Minus Mark Minus Mark Azure AD, Okta
Project Management Minus Mark Minus Mark Asana, Trello
WAFs Minus Mark Imperva, F5, FortiWeb Imperva, F5, FortiWeb, AWS, Cloudflare, ModSecurity

Frequently Asked Questions

Can I try Invicti before I purchase?

Invicti provides Proof of Concept licenses so you can try the product in your current environment and make sure it’s the right fit for you and your organization before purchase.

What does Invicti define as a Website?

A website is defined in Invicti as a fully qualified domain name (FQDN). An FQDN is the complete domain name for a specific target and consists of two parts; the hostname and the domain name.

The below examples are considered to be 1 website, as they share the same FQDN.

Subdomains and ports share the same FQDN, but are considered to be different websites. For example:

What kind of integrations does Invicti have?

Invicti has out of the box integrations for several popular issue tracking, CI/CD and other services used in development environments. Though if you use a system for which Invicti does not have out of the box support you can always use the REST API.

What is Proof-Based Scanning?

Proof-Based Scanning is an exclusive technology that automatically verifies identified vulnerabilities, proving they are real and not false positives. Read about Proof-Based Scanning to learn more about this cutting-edge technology.

How frequently do you update your vulnerability database?

Invicti is a heuristic scanner and does not use a signature database as traditional antivirus software does. That’s why it’s able to identify zero-day vulnerabilities in any type of custom web application.

With Invicti you’ll receive Vulnerability Database Updates, which are known vulnerabilities within WordPress, Joomla, jQuery, Apache, and more. This database is updated every week.

You’ll also receive brand new security checks for finding zero days, improvements, and new features. We generally release a major update every other month.

If a vulnerability is critical (i.e. Heartbleed) we aim to release an update for it within the week. We have a dedicated security research team for both vulnerability database checks and new security checks.

Does Invicti scan vulnerabilities according to OWASP top 10 list?

Invicti can identify thousands of different vulnerability variants and is not limited by any specific compliance or list. If there is a web security issue, Invicti will scan for it, regardless if it is listed in compliance regulations or not. Some of the vulnerabilities Invicti scans for are listed in the OWASP Top 10 list of most critical security risks.

What kind of support does Invicti provide?

We offer three support packages to fit the needs of any business including world class support included will all subscriptions. Support is provided via email, phone, and remote screen Monday through Friday.

Have a question that’s not in this list?

If you have any other questions, don’t hesitate to reach out to us. You can also reach out to your regional Invicti representative if you are already in touch with one.

General Mills
Ford Motors Company

Join the hundreds of companies who keep their web apps secure with Invicti.

Get a demo