oss-sec mailing list archives
[Benchmark 2014] WAVSEP Vulnerability Scanner Benchmark 2013/2014
From: Shay Chen <sectooladdict.vendors () gmail com>
Date: Wed, 12 Feb 2014 10:00:37 +0200
The **2014** *WAVSEP* web application scanner benchmark has been published - And currently includes new products that were tested for the first time, as well as returning vendors that were not tested for a while. Covering a total **63** vulnerability scanners, including commercial scanners, multiple SAAS engines and open source vendors, the research compares the performance of the various tested scanners in the following aspects: (*) Prices vs. Features (*) Automated Crawling (WIVET) (*) Technology and Input Delivery Method Support (*) Backup/Hidden File Detection Accuracy (*NEW!*) (*) Unvalidated Redirect Detection Accuracy (*NEW!*) (*) SQL Injection Detection Accuracy (*) Cross Site Scripting Detection Accuracy (*) Path Traversal / LFI Detection Accuracy (*) (XSS/Phishing via) Remote File Inclusion (*) Supported Vulnerability Detection Features (e.g. audit features) (*) Authentication and Usability Features (*) Coverage and Scan Barrier Support (AntiCSRF Tokens, CAPTCHA, etc) (*) Etc The benchmark **one page** result summary can be viewed through the following link: http://sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html The full article, which includes analysis and conclusions, can be accessed through the following link: http://sectooladdict.blogspot.com/2014/02/wavsep-web-application-scanner.html
Current thread:
- [Benchmark 2014] WAVSEP Vulnerability Scanner Benchmark 2013/2014 Shay Chen (Feb 12)