KEV-TICKERcves_ytd=28,720kev_total=1,289added_7d=+7[CISA KEV ↗]
// scanner: invicti

Invicti pricing 2026: quote-only, ~$5,000 per application per year (partner-reported)

Enterprise DAST with Proof-Based Scanning. Sibling brand to Acunetix (same parent).

author: Oliver Wakefield-Smith · verified 2026-06-26
// direct-answer

What does Invicti cost in 2026?

Quote only (~$5,000 / app / yr partner-reported). Enterprise DAST with Proof-Based Scanning. Sibling brand to Acunetix (same parent).

Pricing snapshot

  • Invicti StandardQuote only, per-application
  • Invicti TeamQuote only, multi-user
  • Invicti EnterpriseQuote only, on-prem or SaaS

What scales, what does not

  • Proof-Based Scanning auto-validates a subset of findings (XSS, SQLi) with safe exploit payloads, cutting human triage hours.
  • Same Invicti Group parent as Acunetix; underlying scan engines differ but overlap is real.
  • Per-app pricing rewards consolidation onto fewer URL roots and discrete authentication contexts.

Where it hits the ceiling

Invicti's strength is mid-to-enterprise DAST; for cheap per-target or pen-test-style workflows, Burp or Acunetix often wins.

// price-bandQUOTE// verified 2026-06-26
// faq

FAQ

  • Is Invicti pricing public?
    No. Invicti pricing is quote-only as of 2026-06-26. Figures cited are partner-reported.
  • Is there a free tier of Invicti?
    No formal free tier. Trials and PoCs are common.
  • Does Invicti cover web application scanning?
    Yes, that is its primary product.
  • Does Invicti produce PCI ASV evidence?
    Yes; Invicti either is a PCI Approved Scanning Vendor or its output is regularly used as part of an ASV-attested package.
  • How often does Invicti update its vulnerability content?
    Daily for commercial scanners (Tenable plugins, Qualys signatures, Rapid7 recog). Open-source OpenVAS NVT feed is daily but lags commercial coverage by hours to days.
Related: Pricing cheatsheet How we verify Directory