COMPANY NEWS
February 3rd, 2010 - Accuracy and Time Costs of Web Application Security Scanner ReportA new whitepaper by Larry Suto has been posted on the popular Ha.ckers.org blog. Larry has followed up his 2007 review with a new analysis of the web app scanners on the market. This latest whitepaper details his findings when he compared six web application security scanners (Including NTOSpider) against six vulnerable test sites.
From the report:
Of the vulnerabilities on the web apps he scanned, the scanners missed an average of 49% of them.
"NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55% and the rest averaged 39%."
"As clearly the leader in terms of quality results, NTOSpider performed very well. The results make a great case for using NTOSpider as the first choice for automated scanning."
Read the full whitepaper
Update: Due to the number of counter-claims/accusations going around, we have posted our response.
References on the web to this whitepaper:
- Ha.ckers.org
- Slashdot
- Darkreading
- An Information Security Place Podcast
- SemiAccurate (Part 1) / (Part 2)
- Infosec Island
- Alan Shimel's Blog
- Rootsecure
- Playnoevil
- Tactical Web App Security
- Security-dojo
Sales