The Authentication, Control and Connection Features of Web Application Scanners

The current information is based on the results of the *2011/2012/2014* benchmarks (except for entries marked as updated or new).

Last updated: 01/07/2015
Sorted in ascending order by scanner name.


| # | Vulnerability Scanner | Custom Cookie | Custom Header | BASIC | DIGEST | NTLM | NTLMv2 | KERBEROS | FORM | PROXY | GZIP | DEFLATE | SSL | CERT | Logout Detection | Exclude Logout | Exclude URL | Exclude Param |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Acunetix WVS |
| 2 | Acunetix WVS Free Edition |
| 3 | aidSQL |
| 4 | Ammonite |
| 5 | Andiparos |
| 6 | arachni |
| 7 | Burp Suite Professional |
| 8 | crawlfish |
| 9 | Damn Small SQLi Scanner (DSSS) |
| 10 | Gamja |
| 11 | Grabber |
| 12 | Grendel Scan |
| 13 | IBM AppScan |
| 14 | IronWASP |
| 15 | iScan |
| 16 | JSky (Commercial Edition) |
| 17 | JSky Free Edition |
| 18 | LoverBoy |
| 19 | Mini MySqlat0r |
| 20 | Netsparker |
| 21 | Netsparker Cloud |
| 22 | Netsparker Community Edition |
| 23 | N-Stalker |
| 24 | N-Stalker 2009 Free Edition |
| 25 | N-Stalker 2012 Free Edition |
| 26 | NTOSpider |
| 27 | Oedipus |
| 28 | openAcunetix |
| 29 | Paros Proxy |
| 30 | ParosPro |
| 31 | PowerFuzzer |
| 32 | Priamos |
| 33 | ProxyStrike |
| 34 | QualysGuard WAS |
| 35 | safe3wvs (limited free edition) |
| 36 | Sandcat Free Edition |
| 37 | Scrawlr |
| 38 | ScreamingCSS |
| 39 | Secubat |
| 40 | SkipFish |
| 41 | SQID (SQL Injection Digger) |
| 42 | SQLiX |
| 43 | sqlmap |
| 44 | Syhunt Dynamic |
| 45 | Syhunt Mini (Sandcat Mini) |
| 46 | Tinfoil Security |
| 47 | Uber Web Security Scanner |
| 48 | Vega |
| 49 | VulnDetector |
| 50 | W3AF |
| 51 | Wapiti |
| 52 | WATOBO |
| 53 | Web Injection Scanner (WIS) |
| 54 | WebCruiser Enterprise Edition |
| 55 | WebCruiser Free Edition |
| 56 | WebInspect |
| 57 | WebScarab |
| 58 | WebSecurify (Opensource Version) |
| 59 | WSTool |
| 60 | Xcobra |
| 61 | XSSer |
| 62 | XSSploit |
| 63 | XSSS |
| 64 | ZAP |


Statistics

| Feature | Scanners |
| --- | --- |
| Custom Cookie | 42 |
| Custom Header | 30 |
| BASIC | 39 |
| DIGEST | 27 |
| NTLM | 32 |
| NTLMv2 | 13 |
| KERBEROS | 8 |
| FORM | 34 |
| PROXY | 44 |
| GZIP | 30 |
| DEFLATE | 22 |
| SSL | 44 |
| CERT | 26 |
| Logout Detection | 21 |
| Exclude Logout | 36 |
| Exclude URL | 39 |
| Exclude Param | 32 |



Glossary

| Alias | General Feature | Description | References |
| --- | --- | --- | --- |
| Custom Cookie | HTTP Cookie/s Customization | Support for customizing the cookie/s used in the test | |
| Custom Header | HTTP Header/s Customization | Support for customizing the header/s used in the test | |
| BASIC | Basic Authentication | Support for HTTP Basic Authentication | 1 |
| DIGEST | Digest Authentication | Support for HTTP Digest Authentication | 1 |
| NTLM | NTLM Authentication | Support for Authentication via NTLM Credentials | 1 |
| NTLMv2 | NTLMv2 Authentication | Support for Authentication via NTLM Credentials | 1 |
| Kerberos | Kerberos Authentication | Support for Authentication via Kerberos Protocol | 1 |
| FORM | FORM Based Authentication | FORM Based Authentication Support (HTML Forms) | 1 |
| PROXY | Outgoing Proxy Support | Support for forwarding the communication via an Outgoing Proxy | |
| GZIP | GZIP Compression Support | Support for decompressing/compressing GZIP communication | 1 |
| DEFLATE | Deflate Compression Support | Support for decompressing/compressing Deflate communication | 1 |
| SSL | SSL/TLS Encryption Support | Scan SSL/TLS Enhanced Servers | 1 |
| CERT | Client Side Certificate | Client Side Certificate Authentication Support | |
| Logout Detection | Automated Logout Detection | Support for automatically detecting invalid sessions (logout/timeout) | |
| Logout Exclusion | Logout URL Exclusion | Support for excluding the URL from the scan | |
| URL Exclusion | URL Exclusion | Support for excluding URL groups from the scan | |
| Param Exclusion | HTTP Parameter Exclusion | Support for excluding HTTP parameters from the scan | |



Copyright © 2010-2015 by Shay Chen. All rights reserved.