The *2014* WAVSEP web application scanner benchmark has been published
It now includes new products that were tested for the first time (ScanToSecure, N-Stalker), as well as returning vendors that had not been tested for a while (NTOSpider).
Covering a total of *63* vulnerability scanners, including commercial scanners, multiple SaaS engines and open source vendors, the research compares the performance of the various tested scanners in the following aspects:
(*) Prices vs. Features
(*) Automated Crawling (WIVET)
(*) Technology and Input Delivery Method Support
(*) Backup/Hidden File Detection Accuracy (*NEW!*)
(*) Unvalidated Redirect Detection Accuracy (*NEW!*)
(*) SQL Injection Detection Accuracy
(*) Cross Site Scripting Detection Accuracy
(*) Path Traversal / LFI Detection Accuracy
(*) (XSS/Phishing via) Remote File Inclusion
(*) Supported Vulnerability Detection Features (e.g. audit features)
(*) Authentication and Usability Features
(*) Coverage and Scan Barrier Support (AntiCSRF Tokens, CAPTCHA, etc.)
(*) Etc
The *one page* summary of the benchmark results can be viewed through the following link:
The full article, which includes analysis and conclusions, can be accessed through the following link:
To stay up to date with all the news, just follow https://twitter.com/sectooladdict