The SQL Injection Detection Accuracy of Web Application Scanners:

The current information is based on the results of the *2011* benchmark (except for entries marked as updated or new).

Last updated: 27/08/2012, Currently compares 52 scanners
Sorted in descending order by SQL injection detection ratio, then by product name.


| Rank | Vulnerability Scanner | Version | Vendor | Detection Rate | False Positives |
|---|---|---|---|---|---|
| 1 | Acunetix WVS (Commercial Edition) | 8.0 | Acunetix | 100.00% (136/136) | 0.00% (0/10) |
| 1 | Burp Suite Professional | 1.4.10 | PortSwigger | 100.00% (136/136) | 0.00% (0/10) |
| 1 | sqlmap | 1.0 | sqlmap developers | 100.00% (136/136) | 0.00% (0/10) |
| 2 | IBM AppScan | 8.5.0.1 | IBM Security Systems Division | 100.00% (136/136) | 30.00% (3/10) |
| 2 | Netsparker (Commercial Edition) | 2.1.0 | Mavituna Security | 100.00% (136/136) | 30.00% (3/10) |
| 3 | arachni | 0.4.0.3 | Tasos Laskos | 100.00% (136/136) | 50.00% (5/10) |
| 3 | IronWASP | 0.9.1.0 | Lavakumar Kuppan | 100.00% (136/136) | 50.00% (5/10) |
| 3 | Syhunt Dynamic (Sandcat Pro) | 4.5.0.0 | Syhunt | 100.00% (136/136) | 50.00% (5/10) |
| 3 | Syhunt Mini (Sandcat Mini) | 4.4.3.0 | Syhunt | 100.00% (136/136) | 50.00% (5/10) |
| 3 | Wapiti | 2.2.1 | OWASP | 100.00% (136/136) | 50.00% (5/10) |
| 4 | WebInspect | 9.20.277.0 | HP Application Security Center | 99.26% (135/136) | 30.00% (3/10) |
| 5 | Ammonite | 1.2 | RyscCorp. | 96.32% (131/136) | 70.00% (7/10) |
| 6 | ParosPro | 1.9.12 | MileSCAN Technologies | 93.38% (127/136) | 0.00% (0/10) |
| 7 | NTOSpider (Obsolete Version / Results) | 5.4 (Obsolete) | NT OBJECTives | 85.29% (116/136) | 0.00% (0/10) |
| 8 | Nessus | 5.0.1 | Tenable Network Security | 85.29% (116/136) | 20.00% (2/10) |
| 9 | QualysGuard WAS | 2012-07-27 | Qualys, Inc. | 82.35% (112/136) | 0.00% (0/10) |
| 10 | Andiparos | 1.0.6 | Compass Security AG | 77.21% (105/136) | 40.00% (4/10) |
| 10 | Paros Proxy | 3.2.13 | MileSCAN Technologies | 77.21% (105/136) | 40.00% (4/10) |
| 11 | Vega | 1.0 | Subgraph | 75.74% (103/136) | 0.00% (0/10) |
| 12 | ZAP | 1.4.0.1 | OWASP | 75.74% (103/136) | 50.00% (5/10) |
| 13 | Netsparker Community Edition | 1.7.2.13 | Mavituna Security | 70.59% (96/136) | 30.00% (3/10) |
| 14 | Watobo | 0.9.8 | Andreas Schmidt | 65.44% (89/136) | 30.00% (3/10) |
| 15 | JSky (Commercial Edition) | 3.5.1 | NoSec | 61.03% (83/136) | 0.00% (0/10) |
| 16 | W3AF | 1.2 | W3AF developers | 59.56% (81/136) | 30.00% (3/10) |
| 17 | Sandcat Free Edition | 4.0.0.1 | Syhunt | 58.82% (80/136) | 20.00% (2/10) |
| 18 | Oedipus | 1.8.1 | Jordan Del Grande | 58.82% (80/136) | 40.00% (4/10) |
| 19 | WebSecurify (Opensource Version) | 0.9 | GNU Citizen | 58.82% (80/136) | 50.00% (5/10) |
| 20 | ProxyStrike | 2.2 | Edge Security | 52.21% (71/136) | 0.00% (0/10) |
| 21 | PowerFuzzer | 1.0 | Marcin Kozlowski | 51.47% (70/136) | 40.00% (4/10) |
| 22 | WebCruiser Enterprise Edition | 2.5.1 | Janus Security | 50.74% (69/136) | 0.00% (0/10) |
| 22 | WebCruiser Free Edition | 2.4.2 | Janus Security | 50.74% (69/136) | 0.00% (0/10) |
| 23 | Gamja | 1.6 | Sanghun Jeon | 50.00% (68/136) | 80.00% (8/10) |
| 24 | WSTool | 0.14001 | Kim Young-il | 45.59% (62/136) | 40.00% (4/10) |
| 25 | Grendel Scan | 1.0 | David Byrne | 42.65% (58/136) | 50.00% (5/10) |
| 26 | SkipFish | 2.07 | Michal Zalewski - Google | 40.44% (55/136) | 0.00% (0/10) |
| 27 | safe3wvs (limited free edition) | 10.1 | Safe3 Network Center | 40.44% (55/136) | 30.00% (3/10) |
| 28 | Damn Small SQLi Scanner (DSSS) | 0.1h | Miroslav Stampar | 39.71% (54/136) | 20.00% (2/10) |
| 29 | JSky Free Edition | 1.0.0 | NoSec | 38.24% (52/136) | 20.00% (2/10) |
| 30 | SQLiX | 1.0 | OWASP | 37.50% (51/136) | 20.00% (2/10) |
| 31 | Mini MySqlat0r | 0.5 | SCRT Information Security | 26.47% (36/136) | 0.00% (0/10) |
| 32 | Uber Web Security Scanner | 0.0.2 | Levent Kayan & Illuminatus | 21.32% (29/136) | 40.00% (4/10) |
| 33 | Secubat | 0.5 | Stefan Kals | 18.38% (25/136) | 70.00% (7/10) |
| 34 | Grabber | 0.1 | Romain Gaucher | 15.44% (21/136) | 20.00% (2/10) |
| 35 | Scrawlr | 1.0 | HP Application Security Center | 13.24% (18/136) | 0.00% (0/10) |
| 36 | aidSQL | 02062011 | Lynxec | 11.76% (16/136) | 0.00% (0/10) |
| 37 | iScan | 0.1 | Simone Margaritelli | 0.00% (0/136) | 0.00% (0/10) |
| 37 | LoverBoy | 1.0 | Ashaman Boyd | 0.00% (0/136) | 0.00% (0/10) |
| 37 | openAcunetix | 0.1 | John Martinelli | 0.00% (0/136) | 0.00% (0/10) |
| 37 | Priamos | 1.0 | Yigit Aktan | 0.00% (0/136) | 0.00% (0/10) |
| 37 | SQID (SQL Injection Digger) | 0.3 | Metaeye Security Group | 0.00% (0/136) | 0.00% (0/10) |
| 37 | VulnDetector | 0.0.2 | Brad Cable | 0.00% (0/136) | 0.00% (0/10) |
| 37 | Web Injection Scanner (WIS) | 0.4 | netXeyes | 0.00% (0/136) | 0.00% (0/10) |
| 37 | Xcobra | 0.2 | Taras Ivashchenko | 0.00% (0/136) | 0.00% (0/10) |

Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.