Quick start guide
Quick start guide for Invicti Enterprise
This document outlines the steps to get started with Invicti Enterprise. For demonstration purposes, we will use one of Invicti's deliberately vulnerable test websites. Scanning this site will help you understand the features and capabilities of Invicti Enterprise without touching a production system.
You will learn how to do the following tasks:
- Step 1: Add a target website
- Step 2: Launch a scan
- Step 3: Review scan results
- Step 4: Integrate with an issue tracking tool
- Step 5: Create a scan report
Prerequisites for Invicti Enterprise On-Premises
This guide is written for Invicti Enterprise On-Demand. To follow it with Invicti Enterprise On-Premises, you first need to install a scan agent and an authentication verifier agent, and configure your email settings. These components are required for scanning your web application, verifying login forms, and receiving scan reports.
Step 1: Add a target website
Before scanning, you have to add a website to your Invicti Enterprise account.
- Select Targets > New Target from the left-side menu.
- Enter the necessary information, such as name, URL, and technical contact.
- Click Save.
NOTE: Select the Cloud mode when the website is publicly accessible from the internet. Select the Internal mode and install an agent to scan a website on your internal network. For information on using agents with the On-Premises edition, refer to the Installing the Invicti Enterprise Agent document.
For detailed information on adding a website, refer to the Adding a Target in Invicti Enterprise document.
Step 2: Launch a scan
To launch a website scan, you can use the default settings or customize the scan options, depending on your needs.
TIP: The scan duration varies depending on the size of the web application and the security checks enabled in the selected Scan Policy.
Option A: Using default settings
The default configuration includes Default Scan Policy with built-in Security Checks, Report Policy, Maximum Scan Duration, Scan Scope, Heuristic URL Rewrite Mode, and Notifications. It allows you to start scanning quickly.
- Select Scans > New Scan from the left-side menu to open a scan configuration.
- In the Target URL field, enter the website you saved in Step 1.
- Click Launch to start the scan with the default settings.
- A scan summary will open, allowing you to monitor the progress in real-time.
- The scanner reports the vulnerabilities as soon as it identifies them.
To understand the scan settings in-depth, refer to our Create a new scan document.
Option B: Using customized settings
Invicti Enterprise has extensive customization options. This section covers the options that are most commonly changed.
Form Authentication
Enter authentication information so that the scanner can crawl and attack password-protected web pages.
- Select Scans > New Scan from the left-side menu.
- In the Authentication section, select Form > Form Authentication.
- Enter the login credentials.
- Click Verify Login & Logout to confirm that the scanner can log in, recognize when it has been logged out, and therefore crawl the protected pages.
- Click Launch to start the scan.
If your own website has a different configuration for authentication, refer to the Authentication overview document.
Scan Scope
By configuring the Scan Scope, you define which parts of the website are scanned.
- Select the scope: Entered Path and Below, Only Entered URL, or Whole Domain.
- Exclude parts of the website from the security scan by using regular expressions (RegEx). This is the usual way to keep static assets, third-party content, or destructive endpoints (for example, delete or logout actions) out of the attack phase.
- Enable the Exclude Authentication Pages checkbox to remove pages such as login and logout from the scan scope, so the scanner does not attack the login form and log itself out mid-scan.
For more information, refer to the Scan Scope document.
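The following Python block is an added illustration of how the three scope modes, RegEx exclusions, and the Exclude Authentication Pages option interact; it is not Invicti's own implementation and is a simplified model. The sample target and discovered URLs are constructed, and the built-in authentication-page pattern (`AUTH_PAGE_PATTERN`) is an assumption, since the page does not document the scanner's real list.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumed stand-in for the scanner's built-in "Exclude Authentication Pages"
# rule; the real pattern list is not documented on this page.
AUTH_PAGE_PATTERN = re.compile(r"/(log(in|out)|sign(in|out))(/|$)", re.IGNORECASE)

# Constructed sample target (a saved Target URL) and crawler discoveries.
TARGET = "https://example.com/app/"
DISCOVERED = [
    "https://EXAMPLE.com/app/#top",            # same page, host case and fragment differ
    "https://example.com/app/orders?id=1",     # below the entered path
    "https://example.com/application/",        # shares a prefix, but a different path
    "https://example.com/admin/",              # same host, outside the entered path
    "https://example.com/app/login",           # authentication page
    "https://example.com/app/static/lib.js",   # static asset, candidate for RegEx exclusion
    "https://cdn.example.com/app/x.js",        # different host
]


def _normalize(url):
    """Lower-case scheme and host and drop the fragment so comparisons are stable."""
    p = urlsplit(url)
    return p._replace(scheme=p.scheme.lower(), netloc=p.netloc.lower(), fragment="")


def in_scope(target, url, mode, exclude_patterns=(), exclude_auth_pages=False):
    """Return (decision, reason) for one discovered URL under the chosen scope mode."""
    t, u = _normalize(target), _normalize(url)
    if u.netloc != t.netloc:
        return False, "different host"
    if mode == "Only Entered URL":
        if urlunsplit(u) != urlunsplit(t):
            return False, "not the entered URL"
    elif mode == "Entered Path and Below":
        # Compare on a directory boundary so /app/ does not also pull in /application/.
        base = t.path if t.path.endswith("/") else t.path + "/"
        if u.path != t.path and not u.path.startswith(base):
            return False, "outside entered path"
    elif mode != "Whole Domain":
        raise ValueError(f"unknown scope mode: {mode}")
    # Exclusions are applied after the mode check, in both the crawl and attack phases.
    if exclude_auth_pages and AUTH_PAGE_PATTERN.search(u.path):
        return False, "authentication page"
    full = urlunsplit(u)
    for pat in exclude_patterns:
        if re.search(pat, full):
            return False, f"matches exclusion {pat!r}"
    return True, "in scope"


def filter_urls(target, urls, mode, **options):
    """Keep only the URLs that in_scope() accepts."""
    return [u for u in urls if in_scope(target, u, mode, **options)[0]]


if __name__ == "__main__":
    for mode in ("Only Entered URL", "Entered Path and Below", "Whole Domain"):
        print(f"== {mode} ==")
        for url in DISCOVERED:
            ok, why = in_scope(TARGET, url, mode,
                               exclude_patterns=[r"/static/"], exclude_auth_pages=True)
            print(f"  {'keep' if ok else 'skip':4}  {url:45}  {why}")
```

Running the block prints a keep/skip decision with its reason for every sample URL under each mode; the "/application/" case shows why the path check has to respect the directory boundary, and the login URL shows the authentication-page exclusion taking precedence over an otherwise in-scope path.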
Scan Time Window
Configure the scan time window to control when a scan may run. Because a scan generates a large volume of requests and actively attacks input fields, choose the window carefully for live, visitor-accessible production websites so that it does not cause disruption.
- Select Scans > New Scan from the left-side menu.
- In Scan Settings > Scan Time Window, select the Enable Scan Time Window checkbox and set the allowed time frame.
TIP: For further information on scanning live environments, refer to the Scanning Production Environments document.
Other Options
In addition to these customizations, you can add extra links to give the crawler a head start, and you can configure notifications.
To understand each setting and how to configure it, refer to our Invicti Enterprise scan options fields document.
Step 3: Review scan results
When Invicti Enterprise completes the security scan, it notifies you by email. In this example, the scanner reports that the PHP test website is very insecure and requires immediate attention.
- Click View the Report to open the scan summary. This page lists vulnerabilities grouped by severity level.
- Review the technical report to check whether the identified vulnerability is marked as confirmed.
- To assign a vulnerability to a developer, click Update. Invicti Enterprise notifies the assignee automatically so they can start working on the issue. Click Accepted Risk if you decide not to fix it.
- To review progress, select Issues > All Issues from the left-side menu. This page provides a quick overview of vulnerabilities and their statuses.
- The Fixed (Unconfirmed) status means a remediation action has been taken on the issue, but a retest has not yet confirmed it as Fixed.
- Select Issues > Waiting for Retest from the left-side menu. Invicti Enterprise notifies you when the retest scan starts and again when it completes.
- Select Scans > Recent Scans to see the status of the retest scan.
- If the issue is fixed, its status changes automatically to Fixed (Confirmed). Otherwise, the status reverts to Present and the issue is reassigned to the user who previously marked it as Fixed.
NOTE: To create a team in Invicti Enterprise, refer to the Managing Team Members in Invicti Enterprise document.
Step 4: Integrate with an issue tracking tool
Simplify issue management by integrating Invicti Enterprise with an issue tracker. The scanner connects with your SDLC ecosystem, including vulnerability management, issue tracking, CI, and WAF tools, to streamline bug fixes.
For further information about integrations in general, refer to the Integrations overview document.
- Select Notifications > New Notification from the left-side menu to report critical issues to Jira once a scan completes. You can then assign work items to developers directly in Jira.
- Configure the bi-directional Jira integration. When a developer fixes an issue and resolves it in Jira, Invicti Enterprise retests the fix. If the issue persists, it is reassigned to the developer.
- To configure this, navigate to Integrations > New User Mapping, select Jira, and complete the integration.
For detailed information on issue tracking systems integration, refer to the Integrating Invicti Enterprise with an issue-tracking system document or the specific documentation for your issue tracker.
Step 5: Create a scan report
To view scan results, check the online scan summary once the scan is complete, or export the findings to a shareable report file. Two commonly used formats are the Executive Summary Report for managers and the Detailed Scan Report for developers.
Executive Summary Report
- In the Recent Scans window, click Report next to the relevant scan to open its report.
- Click Export to start the report configuration.
- From the Report drop-down, select the Executive Summary.
- From the Format drop-down, select PDF.
- Click Export to download the file.
Detailed Scan Report
- In the Recent Scans window, click Report next to the relevant scan to open its report.
- Click Export to start the report configuration.
- From the Report drop-down, select the Detailed Scan Report.
- From the Format drop-down, select PDF.
- Click Export to download the file.
For more information about different types of reports, refer to the Reporting document.
This quick start guide introduces Invicti Enterprise. For detailed usage information, visit https://www.invicti.com/support. For further assistance, submit a Zendesk ticket to Support.