Never-ending ticket queues. Distracting false positives. Monotonous manual verifications. Coffee just to stay awake. And, oh yeah, the constant, looming threat of cybersecurity attacks destroying the entire network.
As a security engineer in 2009, Ferruh Mavituna was frustrated with the long hours it took to manually verify the results of automated web security scans. Worse still, time spent exploring each suspected issue was time when the application remained vulnerable to attack. There had to be a better, automated option, he thought.
Only, according to Mavituna, there wasn’t.
Invicti Security is a web application security startup that came about from combining the strengths of industry veteran Acunetix with Mavituna’s own Netsparker company. Netsparker’s fundamental innovation is its proof-based scanning technology that automatically and safely verifies detected vulnerabilities to minimize manual verification and eliminate the uncertainty of false positives, Mavituna said.
Combined with detailed vulnerability information, this technology allows security experts and developers to focus on fixing real and verified issues rather than waste time and effort on unconfirmed vulnerability reports. Instead of a rookie cop answering an undisclosed 911 call, a seasoned detective can investigate a murder scene.
Most companies, Mavituna said, think of web application security as an “add-on” feature. But as cybersecurity threats become more common, it’s important for security to be one of every organization’s primary focuses. The less time a website is vulnerable, the lower the risk of attack.
As the founder and CEO of Invicti, please tell us about your background. What inspired you to build this company?
It started back in 2006. I was spending hours per day manually verifying the results of automated web security scans, weeding out false positives and managing vulnerability assessments. My frustration fueled my ambition to create an end-to-end security solution. So I created Netsparker, a solution that integrates security into the software development lifecycle and greatly reduces the number of reported false positives, which allows teams to scale their efforts without expanding their headcount.
This is your third time in the CEO seat. How has your philosophy on leadership changed through the years?
I consider Invicti my first real CEO experience. My philosophy has evolved quite a lot in the last decade. When I started Netsparker, we were building technology and were all about innovating in the field and building a product around the security engineers. As Invicti grows, we’re focusing on building the right environment and culture to continuously innovate.
My biggest revelation happened around five years ago, when I realized a company can only grow with the right people. I realized the two most important things as CEO are hiring the right people and sharing the vision with them. Great teams make great companies.
How do you maintain a positive startup culture as your company grows?
My philosophy is to always ask “why.” This forces us to evaluate our decisions carefully. Are we doing something because everyone else is doing it, or because it actually needs to be done for our company?
How does Invicti distinguish itself from other web app security companies?
A lot of companies in the market fail to produce a product with technical capabilities because they are not mature enough. They also fail because they only focus on scanning web applications.
We, on the other hand, are not approaching web application security as a scanning problem; we are approaching it holistically. We solve web security problems at scale, giving us a unique position in the market as the vendor who can secure thousands of web applications even when our customers only have a handful of web security people.
We also understand that to solve these very challenging problems, we need to build innovative technologies such as our product, Proof-Based Scanning. We first set our vision on how web security problems need to be solved and then we innovate to make that vision a reality.
Invicti is unique because it was built on the foundation of two market leaders joining forces. Unlike many other companies in the industry, Netsparker and Acunetix are completely dedicated to web application security. We don’t treat web security as just an “add-on.”
How do you envision the future of web application security systems?
With our technology, companies can secure thousands of websites with their own small teams. The future of web security is automation and accuracy.