WebApp Vulnerability Scanner Comparison

T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Nov 15, 2010 6:00 pm

WebApp Vulnerability Scanner Comparison

Please check out the list of WebApp vulnerability scanners below. We currently use Acunetix at work and our licence is soon to expire (I also use Burp Suite Pro with its built-in scanner). Therefore I would like to see what alternatives you would recommend from experience.

Commercial: Acunetix, Netsparker, Appscan, WebInspect

Open-Source: w3af, Wapiti, GrendelScan, Websecurify, Skipfish
MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Nov 16, 2010 4:38 am

Re: WebApp Vulnerability Scanner Comparison

My preferences are Acunetix and Burp Suite (free, though pro sounds cool) + Nikto (open source) and W3AF (open source) mostly.

However, a web app scanner can only do part of the job; you should always check vulnerabilities and potential vulnerabilities manually, since there are some that a scanner may never find, for example the latest 0day in vBulletin.

The possibility of a web app scanner finding that is low due to the complexity of the attack, including user interaction.

Most of the time I'm using manual methods, especially on well-known web applications, since the web app scanners only find common minor risks, which are good to have included in the report, but it's rare that I see anything really critical.

The power of the scanner is when it comes to iterations, such as looking for files and directories that shouldn't be there, and common vulnerabilities that a hacker might not look for, such as TRACE requests enabled (which has a very low attack vector), public log files which can't be used to penetrate the target, and perhaps backup files which can be really useful (and so forth).

Good luck with your future penetration testing of websites and of course your choice of scanner and pentesting framework.
I'm an InterN0T'er
T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Tue Nov 16, 2010 5:24 am

Re: WebApp Vulnerability Scanner Comparison

MaXe,

Yes, I agree a web app scanner is certainly just part of the job, and performing manual testing is actually what forms a penetration test.

I have found that Burp Scanner is pretty good, as it has managed to find vulnerabilities on several occasions where Acunetix didn't detect anything. I also use Nikto and Nessus but find these are more successful at finding web server vulnerabilities (although maybe my configuration needs tweaking for better results), and DirBuster for hidden and default directories and files, etc.
PhineasGage

Newbie

Posts: 4

Joined: Sat Nov 28, 2009 1:12 am

Post Tue Jan 04, 2011 6:04 am

Re: WebApp Vulnerability Scanner Comparison

Here's the study "An analysis of Black-box web security scanners" (PDF).

It presents an evaluation of eleven black-box web vulnerability scanners.
"An expert is a person who has made all the mistakes that can be made in a very narrow field." Niels Bohr
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Jan 11, 2011 3:04 pm

Re: WebApp Vulnerability Scanner Comparison

And the conclusion is:

This paper presented the evaluation of eleven black-box web vulnerability scanners. The results of the evaluation clearly show that the ability to crawl a web application and reach "deep" into the application's resources is as important as the ability to detect the vulnerabilities themselves.

It is also clear that although techniques to detect certain kinds of vulnerabilities are well-established and seem to work reliably, there are whole classes of vulnerabilities that are not well-understood and cannot be detected by the state-of-the-art scanners. We found that eight out of sixteen vulnerabilities were not detected by any of the scanners.

We have also found areas that require further research so that web application vulnerability scanners can improve their detection of vulnerabilities. Deep crawling is vital to discover all vulnerabilities in an application. Improved reverse engineering is necessary to keep track of the state of the application, which can enable automated detection of complex vulnerabilities.

Finally, we found that there is no strong correlation between cost of the scanner and functionality provided, as some of the free or very cost-effective scanners performed as well as scanners that cost thousands of dollars.

Thanks for the link!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Jan 11, 2011 3:09 pm

Re: WebApp Vulnerability Scanner Comparison

Sounds like a compelling reason for manual testing to me. That's job security folks!
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
