Re: Web Application Scanners Comparison

["love.wadhwa () naukri com" <love.wadhwa () naukri com>]

Hi anantasec

Probably believe the zipped js files package is corrupt.Please check if
thats it or m doing it the other way.

On Tue, 2009-01-27 at 19:44 +0530, anantasec wrote:
> Hi all,
>
> In the past weeks, I've performed an evaluation/comparison of three
> popular web vulnerability scanners.This evaluation was ordered by a
> penetration testing company that will remain anonymous. The vendors
> were not contacted during or after the evaluation.
>
> The applications (web scanners) included in this evaluation are:
> - Acunetix WVS version 6.0 (Build 20081217)
> - IBM Rational AppScan version 7.7.620 Service Pack 2
> - HP WebInspect version 7.7.869
>
> I've tested 13 web applications (some of them containing a lot of
> vulnerabilities), 3 demo applications provided by the vendors
> (testphp.acunetix.com, demo.testfire.net, zero.webappsecurity.com) and
> I've done some tests to verify Javascript execution capabilities.
>
> In total, 16 applications were tested. I've tried to cover all the
> major platforms, therefore I have applications in PHP, ASP, ASP.NET
> and Java.
>
> The report can be found at http://drop.io/anantasecfiles/
> The full URL to the PDF document:
> http://drop.io/download/497f0f4e/c1d8b2966f85fb8549a18cbe2d789224ea665f45/759c3010-ce68-012b-dcee-f407c7ff11c2/9eeb1f00-cea5-012b-aa7b-f219675fa758/report.pdf/report_pdf.pdf
>
> I've included enough information in this report (the javascript files
> used for testing, exact version and URL for all the tested
> applications) so anybody with enough patience can verify and reproduce
> the results presented here.
>
> Therefore, I will not respond to emails for vendors. You have the
> information, fix your scanners!
>
> Best wishes & regards,
> anantasec
>
> --
> http://anantasec.blogspot.com
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
> Methodologies & Tools for Web Application Security Assessment
> With the rapid rise in the number and types of security threats, web application security assessments should be 
> considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
> can accelerate the assessment process? Download this Whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
> -------------------------------------------------------------------------
-- 
Warm Regards
Love Wadhwa
RedHat Certified Engg.
Infoedge India Ltd.
Mobile:09818022122


-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------