This document is for:

Deployment: Invicti Platform on-demand and Invicti Platform on-premises.

Some features may only be available for one deployment type. Refer to the warning in the AI support assistant section.

AI-enhanced coverage and crawling

Modern web applications are complex, often incorporating dynamic content, AJAX, custom authentication workflows, and single-page architectures. To effectively discover and assess vulnerabilities in such environments, traditional scanning techniques may fall short. Invicti Platform leverages artificial intelligence (AI) to bridge these gaps, significantly enhancing both scan coverage and crawling performance.

note

Enable AI for your Invicti Platform by following the steps in the Enable AI-features document.

Enhanced crawl coverage with AI

  • AI provides deeper context and insights into your web application’s structure and behavior. This allows the Dynamic Application Security Testing (DAST) scanner to analyze, interpret, and detect vulnerabilities more accurately across a wider surface.
  • AI-powered features such as Aided Auto-Login automatically detect login forms and submit credentials during scans. This enables the scanner to access authenticated areas and ensures full coverage of protected parts of the application.

Simulation of real user actions

  • Invicti’s Business Logic Recording (BLR) and similar mechanisms simulate real user interactions, such as form submissions or button clicks. This allows the scanner to traverse workflows that would otherwise be inaccessible, improving the comprehensiveness of both crawling and scanning.

Advanced crawling techniques for dynamic content

  • Invicti employs advanced crawling technology capable of navigating script-heavy sites, SPAs (Single-Page Applications), and custom forms. Its crawling engine conducts JavaScript execution and DOM interaction to identify hidden or dynamically generated links and UI elements.
  • It intelligently manages session context, even in the presence of anti-CSRF protections, multi-field forms, OAuth2, NTLM/Kerberos, Basic HTTP Authentication, and single sign-on (SSO). These capabilities ensure that authenticated and protected areas don’t go unscanned.
  • Crawling performance is further optimized through URL rewriting detection, discovery of new domains during crawl, and automatic identification of custom error pages to reduce noise in results.

Seamless integration with API-based endpoints

  • Invicti’s crawler is designed to parse API definition files (such as OpenAPI/Swagger, WSDL, WADL) to uncover and include REST and SOAP endpoints in scans. This ensures both web pages and API endpoints are adequately covered.
  • When scan coverage gaps are detected, especially for API-based pages, Invicti allows importing API definitions or specifying additional targets, ensuring critical endpoints are included.
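As an added illustration of the two points above (parsing an API definition to enumerate endpoints, then detecting coverage gaps), the following example is not Invicti code; it reads a constructed OpenAPI 3 document, compares the declared operations against a constructed list of requests a crawler reached on its own, and reports the operations that the crawl never exercised. Path templates such as /users/{id} are matched against concrete paths, query strings are ignored, and the server base path from the definition is stripped before comparison.

```python
import json
import re
from urllib.parse import urlsplit

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed minimal OpenAPI 3 definition (not an Invicti artifact); stands in for an imported API file
OPENAPI_DOC = json.dumps({
    "openapi": "3.0.0",
    "servers": [{"url": "https://api.example.test/v1"}],
    "paths": {
        "/users": {"get": {}, "post": {}},
        "/users/{id}": {"get": {}, "delete": {}},
        "/orders/{orderId}/items": {"get": {}},
    },
})

# Constructed crawl result: (method, URL) pairs the crawler reached on its own, without the definition file
CRAWLED = [
    ("GET", "https://api.example.test/v1/users"),
    ("get", "https://api.example.test/v1/users/42?expand=orders"),
]

def spec_endpoints(doc):
    """(METHOD, path_template) pairs declared under 'paths'; keys like 'parameters' are skipped."""
    return [(key.upper(), path) for path, item in doc.get("paths", {}).items()
            for key in item if key.lower() in HTTP_METHODS]

def template_regex(path_template):
    """Turn '/users/{id}' into a regex that accepts exactly one concrete segment per parameter."""
    parts = re.split(r"(\{[^}]+\})", path_template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "/?$")

def relative_path(url, base_paths):
    """Reduce a crawled URL to a spec-relative path: drop the query string and any server base path."""
    path = urlsplit(url).path
    for base in base_paths:
        if base and path.startswith(base + "/"):
            return path[len(base):]
    return path

def uncovered_endpoints(doc_text, crawled):
    """Spec endpoints for which no crawled request matches both the method and the path template."""
    doc = json.loads(doc_text)
    bases = [urlsplit(s.get("url", "")).path.rstrip("/") for s in doc.get("servers", [])]
    seen = [(m.upper(), relative_path(u, bases)) for m, u in crawled]
    return [(m, t) for m, t in spec_endpoints(doc)
            if not any(m == sm and template_regex(t).match(sp) for sm, sp in seen)]
```

Running uncovered_endpoints(OPENAPI_DOC, CRAWLED) on the constructed input lists POST /users, DELETE /users/{id} and GET /orders/{orderId}/items as operations the crawl alone would have missed, which is exactly the set that importing the definition adds to the scan scope.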

Summary

The following table highlights how Invicti leverages AI and advanced technologies to enhance scan coverage and accuracy. Each capability is designed to address modern web application challenges, from dynamic content and complex authentication to API endpoint discovery.

| Enhancement aspect | How AI/advanced technologies help |
|---|---|
| AI enrichment | Provides deeper context and predictive insights for improved scanning |
| Aided auto-login | Automatically identifies and submits login forms for authenticated coverage |
| User interaction simulation | Simulates form submissions and navigation via BLR and related tools |
| JavaScript & dynamic crawling | Executes JS and traverses SPAs, script-heavy pages, and custom forms |
| Authenticated scanning | Supports complex authentication workflows such as OAuth2, SSO, NTLM, etc. |
| API endpoint discovery | Parses WSDL, OpenAPI, and other schema files to include REST/SOAP endpoints |
| Gap detection & importing | Allows reviewing out-of-scope links and importing API definitions for better coverage |
