Sunday, December 26, 2010

Web Application Scanners Accuracy Assessment

Comparison & Assessment of 43 Free & Open Source Black Box Web Application Vulnerability Scanners

I’ve been collecting them for years, trying to get my hands on anything that was released within the genre. It started as a necessity, transformed into a hobby, and eventually turned into a relatively huge collection… But that’s when the problems started.
While back in 2005 I could barely find freeware web application scanners, by 2008 I had SO MANY of them that I couldn’t decide which ones to use. By 2010 the collection became so big that I came to the realization that I HAVE to choose.
I started searching for benchmarks in the field, but at the time, only located benchmarks the focused on comparing commercial web application scanners (with the exception of one benchmark that also covered 3 open source web application scanners), leaving the freeware & open source scanners in an uncharted territory

The benchmark information and various reports:

The framework for assessing vulnerability scanners was implanted in JEE, and is hosted in the following address:

1 comment:

Black_hat said...

where is the download link