Invicti Security - Experts & Thought Leaders

Invicti Security announces Kevin Gallagher’s return to the company as President. Gallagher brings over 20 years of experience working with a range of established organisations like Brinqa, Sun Microsystems, and BeyondTrust. Gallagher most recently held the position of CEO of Cososys, a data loss prevention software provider, where he helped lead the company to a profitable exit. Previously, he served as Chief Revenue Officer at Netsparker, Acunetix, and Invicti, where he managed global sales and customer success. Kevin Gallagher Gallagher rejoins Invicti as President, where his track record of unifying teams complements his skills as a highly productive sales executive. “Kevin’s experience driving revenue growth at Invicti Security gives him an incredibly valuable foundation for success as President here at Invicti,” said Invicti CEO Neil Roseman. “He knows the products, he knows the application security landscape, and he’s energised to help shape our strategy.” Kevin comments “I’m thrilled to return to Invicti at such an exciting time of growth,” said Gallagher. “There’s been a lot of innovation since I left. We expanded our coverage to more diverse and comprehensive testing types like API security and we’re working on strategic partnerships that will help our customers, so I’m eager to dig in and I look forward to steering this team towards even bigger opportunities.” This announcement follows the launch of Invicti’s new API security solution which expands the company’s security capabilities for more comprehensive coverage on one platform.

Invicti, the pioneering provider of application security testing solutions, announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As development teams embrace the productivity benefits of AI code assistants, API creation accelerates further. But while AI code assistants are boosting developer productivity, they cannot yet generate secure application code or secure APIs consistently, propagating the risk from vulnerable APIs deployed into web services. API security testing 76% of organisations report having an average of 26 APIs per application deployed According to ESG’s report Securing The API Attack Surface, 76% of organisations report having an average of 26 APIs per application deployed. Many of these APIs are undocumented and unmonitored, so the security challenge is now about confidently and quickly finding APIs, testing them for vulnerabilities, and performing remediation.  With Invicti API Security, organisations can realise comprehensive API discovery alongside proactive API security testing. Multiple discovery methods Invicti API Security includes multiple discovery methods to enable comprehensive identification of known and undocumented APIs, including: Zero-configuration discovery to identify API specifications, scanning cloud environments for accessible paths API management system integrations to fetch and sync accurate and latest API specifications into inventory Network API traffic analysis to identify and reconstruct API calls into API definition files based on observed traffic Advantages of web application security These web application security uses can be deployed jointly with API find and security testing “With the Invicti Platform’s extensive API discovery capabilities, we are able to deliver a tool consolidation option, combining web application and API security into a single solution,” said Neil Roseman, CEO at Invicti. “As tool sprawl and budgetary constraints grow, CISOs can rely on the Invicti solution to address the growing API security concerns in addition to reducing their team’s tool complexity.” For decades, Invicti has provided the advantage of web application security testing coverage, accuracy, speed, and scale. The combination of continuous automated discovery, proof-based scanning to verify critical vulnerabilities for developers, and recently added Predictive Risk Scoring to advance prioritisation efforts provide customers with a unique set of benefits. These web application security benefits can be deployed together with API discovery and security testing.  Customers’ sensitive data “Our research shows that security pioneers are increasingly concerned with API security and their ability to secure their customers’ sensitive data. This is because as developers build feature-rich applications with integrations and communications to resources, the APIs, especially unknown shadow APIs, create rapidly proliferating attack surfaces,” said Melinda Marks, Practice Director, Cybersecurity at ESG. “The Invicti approach applies a multi-layer discovery method to thoroughly identify APIs, helping organisations deliver secure applications.” Invicti API Security is available to Invicti customers across both Acunetix and Invicti (formerly Netsparker) product lines to extend their use of the Invicti platform. New customers can purchase the product as a web application and API security combination, or a standalone API Security option.

Invicti, the pioneering provider of application security testing solutions, announced its new AI-enabled Predictive Risk Scoring capability. The feature assigns predicted risk to applications and helps organisations gain a strategic view of their overall application security risk. Predictive Risk Scoring allows organisations to determine which web applications should be scanned first and proactively prioritise remediation efforts. This new capability remaps the application security testing process to profile and calculate a risk score on all discovered web applications–before any scanning begins. New advancement in AppSec Risk management and prioritisation are ongoing challenges in application security with the high volume of vulnerabilities that are discovered across web applications and APIs. While vulnerability severity helps order which vulnerabilities might require attention over others, there’s still a lack of information around exploitability and risk. Risk control and prioritisation are ongoing challenges in application guard with the high volume “Everyone working in cybersecurity needs to work faster, with more confidence that they are doing the right thing to protect their organisations. This new advancement in AppSec testing helps make that a reality,” said Neil Roseman, CEO at Invicti. “CISOs can now look at their application attack surface using a risk-based approach, guaranteeing that their AppSec program is focusing efforts in the right areas.” Advantages of this innovation Predictive Risk Scoring addresses the gap in vulnerability severity information by applying an AI model on discovered assets and calculating risk score from a set of 220 parameters with a minimum 83% confidence level. Among many advantages of this innovation, no scanning resources are required and no customer data is required to assess the risk score. “Protecting applications is crucial for companies of all sizes but it’s challenging with the complexity and noise in the application security market, amplified with the adoption of AI. Now more than ever, security teams need to prioritise their efforts to address to the riskiest issues, with speed and scale,” said Melinda Marks, Practice Director, Cybersecurity at ESG. “Risk-based prioritisation can help organisations best deploy their resources and optimise efficiency to secure their environments to support business growth.” Predictive Risk Scoring is currently available to Invicti customers using both Acunetix and Invicti (formerly Netsparker) product lines.