[Owasp-scotland] Web Application Scanner comparison

Rory McCune rorym at nmrconsult.net
Mon Jun 28 13:09:47 EDT 2010


Evening all,

There's a post on the portswigger blog
http://blog.portswigger.net/2010/06/comparing-web-application-scanners-part.html
which I thought might be of interest.  It's a link to a paper from an
American university of a study comparing web application scanning
tools.

They had quite a wide range to test and there's quite a lot of
interesting findings.  One major one was that none of the 11 scanning
tools reviewed found more than 40% of the vulnerabilities in the test
site under review!  The paper goes into some detail about what the
areas of failure and success were and some ideas of the reasons why
scanners can't find some problems....


Cheers

Rory

