Date: Wed, 12 Feb 2014 10:00:37 +0200
From: Shay Chen <sectooladdict.vendors@...il.com>
To: oss-security@...ts.openwall.com
Subject: [Benchmark 2014] WAVSEP Vulnerability Scanner Benchmark 2013/2014

The **2014** *WAVSEP* web application scanner benchmark has been published,
and currently includes new products that were tested for the first time, as
well as returning vendors that were not tested for a while.



Covering a total of **63** vulnerability scanners, including commercial
scanners, multiple SAAS engines and open source vendors, the research
compares the performance of the various tested scanners in the following
aspects:



(*) Prices vs. Features

(*) Automated Crawling (WIVET)

(*) Technology and Input Delivery Method Support

(*) Backup/Hidden File Detection Accuracy (*NEW!*)

(*) Unvalidated Redirect Detection Accuracy (*NEW!*)

(*) SQL Injection Detection Accuracy

(*) Cross Site Scripting Detection Accuracy

(*) Path Traversal / LFI Detection Accuracy

(*) (XSS/Phishing via) Remote File Inclusion

(*) Supported Vulnerability Detection Features (e.g. audit features)

(*) Authentication and Usability Features

(*) Coverage and Scan Barrier Support (AntiCSRF Tokens, CAPTCHA, etc.)

(*) Etc



The benchmark **one page** result summary can be viewed through the
following link:

http://sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html

The full article, which includes analysis and conclusions, can be accessed
through the following link:

http://sectooladdict.blogspot.com/2014/02/wavsep-web-application-scanner.html
