Wednesday, January 28, 2009

Web Application Scanners Comparison

In the past weeks, I've performed an evaluation/comparison of three popular web vulnerability scanners.
This evaluation was ordered by a penetration testing company that will remain anonymous. The vendors were not contacted during or after the evaluation.

The applications (web scanners) included in this evaluation are:
  • Acunetix WVS version 6.0 (Build 20081217)
  • IBM Rational AppScan version 7.7.620 Service Pack 2
  • HP WebInspect version 7.7.869

I've tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo applications provided by the vendors (testphp.acunetix.com, demo.testfire.net, zero.webappsecurity.com) and I've done some tests to verify JavaScript execution capabilities.

In total, 16 applications were tested. I've tried to cover all the major platforms, therefore I have applications in PHP, ASP, ASP.NET and Java.

The report can be found at http://drop.io/anantasecfiles/

Source: Ananta Security

Related link:
- Web Application Scanners Comparison
