Wednesday, February 12, 2014

WAVSEP 2014 Web Application Scanner Benchmark

The *2014* WAVSEP web application scanner benchmark has been published.

It currently includes new products that were tested for the first time (ScanToSecure, N-Stalker), as well as returning vendors that had not been tested for a while (NTOSpider).

Covering a total of *63* vulnerability scanners, including commercial scanners, multiple SaaS engines and open source vendors, the research compares the performance of the various tested scanners in the following aspects:

(*) Prices vs. Features
(*) Automated Crawling (WIVET)
(*) Technology and Input Delivery Method Support
(*) Backup/Hidden File Detection Accuracy (*NEW!*)
(*) Unvalidated Redirect Detection Accuracy (*NEW!*)
(*) SQL Injection Detection Accuracy
(*) Cross Site Scripting Detection Accuracy
(*) Path Traversal / LFI Detection Accuracy
(*) (XSS/Phishing via) Remote File Inclusion
(*) Supported Vulnerability Detection Features (e.g. audit features)
(*) Authentication and Usability Features
(*) Coverage and Scan Barrier Support (AntiCSRF Tokens, CAPTCHA, etc.)
(*) Etc

The benchmark's *one-page* result summary can be viewed through the following link:

The full article, which includes analysis and conclusions, can be accessed through the following link:

To stay up to date with all the news, just follow https://twitter.com/sectooladdict
