Gaurav,

As you know, in Security we never believe/trust a single automated
utility.

In these web application Scanners, the design is made to crawl to
identify valid user inputs and then inject the payloads.

Apart from that, a few other standard requests, which will be pre-defined,
are also sent to the target application.

W.r.t the above inputs the application scans for vulnerabilities.

So, for us, in order to know which scanner is best, probably we can
list it as below:
1. Vulnerabilities Covered
2. Vulnerability variants (Encoding)
3. Scanning performance
4. Target Application Supported (Java, ASP, PHP, etc...)
5. Features Supported (like Hijacking, Poisoning, Privilege
Escalations, etc..)
6. Good Output Parser

Hopefully, it is not limited to the above things. But it's my view...

It would be really great if everyone can edit/add to the above points.

Cheers,
0xN41K


On Jun 13, 2:13 pm, Gaurav Shah <[email protected]> wrote:
> Thanks Srinivas for the links. Although I had seen the comparison from
> Anurag Agarwal, the others were informative.
> However i did notice that the comparison from Darknet contradicts the
> comparison from semiaccurate.
> Darknet claims that (between appscan and webinspect) webinspect is better
> and semiaccurate claims otherwise.
>
> How do we come to a conclusion?
>
> On Mon, Jun 13, 2011 at 1:06 PM, Srinivas Naik <[email protected]> wrote:
> > Gaurav,
>
> > Hope the below reference will guide you...
>
> > Top AppScanners Scanned and Comparative Report:
> > http://www.darknet.org.uk/content/files/WebVulnScanners.pdf
>
> > old but informative:
> > http://myappsecurity.blogspot.com/2006/11/comparison-between-appscan-...
>
> > Further:
> > http://semiaccurate.com/2010/02/05/web-security-scanners-evaluated-pa...
>
> > http://semiaccurate.com/static/uploads/2010/02_february/Accuracy_and_...
>
> > Cheers,
> > 0xN41K
>
> > On Mon, Jun 13, 2011 at 10:29 AM, Gaurav Shah <[email protected]> wrote:
>
> >> Hi All,
>
> >> I was trying to find more information about these 2 scanners - IBM Rational
> >> Appscan & HP WebInspect.
> >> If you compare these 2, which of them is a better web application
> >> vulnerability scanner & why?
>
> >> Please assist.
>
> >> --
> >> Thanks & Regards
> >> Gaurav Shah.
> >> 91-9552504002.
>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "nforceit" group.
> >> To post to this group, send an email to [email protected].
> >> To unsubscribe from this group, send email to
> >> [email protected].
> >> For more options, visit this group at
> >> http://groups.google.com/group/nforceit?hl=en-GB.
>
> --
> Thanks & Regards
> Gaurav Shah.
> 91-9552504002.
