24 Apr 2024

Invicti, the pioneering provider of application security testing solutions, announced its new AI-enabled Predictive Risk Scoring capability. The feature assigns predicted risk to applications and helps organisations gain a strategic view of their overall application security risk.

Predictive Risk Scoring allows organisations to determine which web applications should be scanned first and proactively prioritise remediation efforts. This new capability remaps the application security testing process to profile and calculate a risk score on all discovered web applications–before any scanning begins.

New advancement in AppSec

Risk management and prioritisation are ongoing challenges in application security with the high volume of vulnerabilities that are discovered across web applications and APIs. While vulnerability severity helps order which vulnerabilities might require attention over others, there’s still a lack of information around exploitability and risk.

Risk control and prioritisation are ongoing challenges in application guard with the high volume

Everyone working in cybersecurity needs to work faster, with more confidence that they are doing the right thing to protect their organisations. This new advancement in AppSec testing helps make that a reality,” said Neil Roseman, CEO at Invicti. “CISOs can now look at their application attack surface using a risk-based approach, guaranteeing that their AppSec program is focusing efforts in the right areas.”

Advantages of this innovation

Predictive Risk Scoring addresses the gap in vulnerability severity information by applying an AI model on discovered assets and calculating risk score from a set of 220 parameters with a minimum 83% confidence level. Among many advantages of this innovation, no scanning resources are required and no customer data is required to assess the risk score.

Protecting applications is crucial for companies of all sizes but it’s challenging with the complexity and noise in the application security market, amplified with the adoption of AI. Now more than ever, security teams need to prioritise their efforts to address to the riskiest issues, with speed and scale,” said Melinda Marks, Practice Director, Cybersecurity at ESG. “Risk-based prioritisation can help organisations best deploy their resources and optimise efficiency to secure their environments to support business growth.” Predictive Risk Scoring is currently available to Invicti customers using both Acunetix and Invicti (formerly Netsparker) product lines.