[Owasp-scotland] Web Application Scanner comparison

Rory McCune rorym at nmrconsult.net
Mon Jun 28 13:09:47 EDT 2010

Evening all,

There's a post on the PortSwigger blog
which I thought might be of interest.  It's a link to a paper from an
American university of a study comparing web application scanning

they had quite a wide range to test and there's quite a lot of
interesting findings.  One major one was that none of the 11 scanning
tools reviewed found more than 40% of the vulnerabilities in the test
site under review!  The paper goes into some detail about what the
areas of failure and success were and some ideas of the reasons why
scanners can't find some problems....


