Invicti

About

Invicti is an application security platform for finding and validating vulnerabilities in web apps and APIs. The product is DAST-first, with ASPM on top to unify findings, plus SAST, SCA, container, and API security. Proof-based scanning is the pitch: confirm the vuln so security teams aren't drowning in false positives. Company line is "zero-noise AppSec."

Used by 3,600+ organizations across 115+ countries. Named customers on the site include Kraft Heinz, Fujitsu, the FAA, NASA, the United Nations, Cisco, Verizon, Deloitte, EY, KPMG, Allianz, ING Bank, PepsiCo, Ericsson, and Johns Hopkins.

Headquartered in Austin, Texas. Founded in 2005 (originally Netsparker), rolled into the broader Invicti brand, and acquired Kondukto in 2025. Team page notes 8 countries represented and 15 languages spoken.