Accuracy and Time Costs of Web Application Security Scanners

In an attempt to objectively test and quantify the effectiveness of web application vulnerability assessment tools, Larry Suto researched the accuracy and time needed to run, review, and supplement the results of the following web application scanners: Acunetix, AppScan by IBM, BurpSuitePro, Hailstorm by Cenzic, WebInspect by HP, and NTOSpider by NT OBJECTives, as well as the Qualys managed scanning service.

This report is centered around testing the effectiveness of web application scanners in the following four areas:
  1. Links crawled
  2. Coverage of the applications tested using Fortify Tracer
  3. Number of verified vulnerability findings
  4. Number of false positives

Findings - Vulnerabilities

Download this report now to learn more about the following:
  • Which scanner is the most effective at finding vulnerabilities
  • Discrepancies in application coverage
  • Overall human time/cost
  • Which scanners have the best support

Findings - False Positives
