>>>> See the most recent results of the 2012 WAVSEP benchmark! <<<<
Shay Chen, an Information Security consultant and blogger, recently published the latest results of his ultra-thorough web application security scanner comparison. The survey covered 60(!) different open source and commercial scanners and summarized some of the most critical features and capabilities of each scanner, such as:
- Audit features and capabilities
- Active vulnerability detection features
- Complementary scanning features (passive analysis, known issues, etc.)
- Usability, Coverage and Scan Initiation Features
- Authentication, Scan Control and Connection Support Features
- Advanced and Uncommon Features
- Accuracy benchmark (performed against WAVSEP)
- Cross-site scripting success & false positive rate
- SQL Injection success & false positive rate
Needless to say, AppScan Standard Edition led the pack in most aspects - especially around Audit Features and Scanning Capabilities, where no other scanner came even close: