DirectDefense Use Invicti for Automatic Web Application Security Scans Because it is Accurate and Fast

Invicti continually executes scans in a more optimized way and delivers actionable results every time. The false-positive free scanning, means that Invicti has already attempted to validate the finding for itself before it provides the results, thus eliminating the need for our consultants to spend time chasing down false positives.

– Jim Broome, President, DirectDefense

Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Their core strength is the deep experience in performing security assessments for a wide array of networks, platforms, applications and web applications. DirectDefense’s seasoned consultants are focused on providing world-class security services to their clients. Regardless of industry – aerospace, financial, insurance, retail, hospitality, healthcare, education, gaming, technology or energy and utilities, the wealth of knowledge and experience DirectDefense has assists their customers in achieving their security testing and strategy goals.

Fast and Accurate Automated Web Application Security Scans

As part of their service offerings, DirectDefense provide web applications penetration tests. At a minimum they analyse around 300 web application a month, hence speed and accuracy are major key factors when it comes to web application security. If the tools they use are slow they cannot keep up with the demand and If they report false positives, consultants will waste precious time verifying the scanner findings.

The Right Automated Web Application Security Scanner

DirectDefense have been using automated web application security scanners since the early days. They have used all of them but since 2011 they started using Invicti as their main scanner, and prefer to use it unless they are required to use another solution based on their customer’s requirements.

When asked why they use Invicti Web Application Security Scanner;

In a simple word, SPEED. Invicti continually executes scans in a more optimized way and delivers actionable results every time. The false-positive free scanning, means that Invicti has already attempted to validate the findings for itself before it provides the results, thus eliminating the need for our consultants to spend chasing down false positive findings.

This lets our consultants focus on refining their testing and validation of existing vulnerabilities and provide quicker results to our customers.

Benefits of Invicti Web Application Security Scanner

Speed, automation and accuracy are some of the reasons why a security firm such as DirectDefense uses an automated web vulnerability scanner, and as per Mr Broome’s words Invicti has it all;

Speed: It is easy to configure and is one of the faster scanners with regards to scan completion.

Automation: Invicti is easy to automate and can successfully complete batch scans of 100’s of websites and web applications.

Accuracy: Invicti produces accurate results time and time again, and when its not 100% sure on a finding, it tells you so. This allows a tester or a consultant to focus on which areas to validate and which areas already have proof of a vulnerability.

The Need to Detect all Technical Vulnerabilities on All Type of Frameworks

Accuracy and adaptability are as important as speed and automation when your clientele consists of major banks and financial institutions. Having such a varied clientele, DirectDefense has seen it all. As Mr Broome says “You name it, we have scanned it!” It could be a .NET, PHP, Spring, Struts or Java web application running on Apache, NGinx or IIS. DirectDefense has seen it and scanned it with Invicti.

Invicti consistently finds and validates SQL injection vulnerabilities faster than any scanner we have ever used. Be it a banking application or a cloud based CRM application, we recommend continual testing, and Invicti is such a tool to assist with meeting these requirements.

World Class Support is Another Important Requirement

It is a must to use the right security tools when scanning web applications if you do not want to miss a vulnerability. A malicious attacker only needs to exploit a single vulnerability to gain unauthorized access to the web application and the sensitive data it stores. Web application security is a critical business and one should not forge ahead alone. Hence world class support is also another vital requirement security experts such as DirectDefense have when choosing their tools.

The Invicti support department is known for its world class support, and Mr Broome confirms this.

Yes, if you have a complex issue or even one that is simple to resolve, the Invicti support staff is there. Don’t be surprise if you get emailed from Ferruh (the CEO) with recommendations and suggestions.

He couldn’t have said it better. We thrive to deliver world class support, and if need be even our CEO, who is a seasoned penetration tester himself gets involved in support tickets.

About DirectDefense

Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.

Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

Turn your security process into a success story