The Attack Vectors Supported by Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated

or new

)

Last updated: 18/09/2016
Sorted in a descending order according to the scanner's number of audit features.
Hint: hover over the marks and titles to get additional information on the various features.
Glossary

Unified List Commercial Scanners Free / Open Source Scanners

Logo

Vulnerability Scanner

C
O
U
N
T

S
Q
L
i

B
S
Q
L
i

S
S
J
S
i

R
X
S
S

P
X
S
S

D
X
S
S

J
S
O
N
h

L
F
I

R
F
I

C
M
D
E
x
e
c

U
P
L
O
A
D

R
E
D
I
R
E
C
T

C
R
L
F
i

L
D
A
P
i

X
P
A
P
H
i

M
X
i

S
S
I

F
O
R
M
A
T
i

C
O
D
E
i

X
M
L
i

E
L
i

B
U
F
F
E
R
o

I
N
T
E
G
E
R
o

C
O
D
E
D
i
s
c

B
A
C
K
U
P
f

P
A
D
D
I
N
G

A
U
T
H
b

P
R
I
V
e

X
X
E

S
E
S
S
I
O
N

F
I
X
A
T
I
O
N

C
S
R
F

A
D
o
S

W3AF

arachni

IronWASP

ZAP

Syhunt Mini (Sandcat Mini)

Logo

Vulnerability Scanner

C
O
U
N
T

S
Q
L
i

B
S
Q
L
i

S
S
J
S
i

R
X
S
S

P
X
S
S

D
X
S
S

J
S
O
N
h

L
F
I

R
F
I

C
M
D
E
x
e
c

U
P
L
O
A
D

R
E
D
I
R
E
C
T

C
R
L
F
i

L
D
A
P
i

X
P
A
P
H
i

M
X
i

S
S
I

F
O
R
M
A
T
i

C
O
D
E
i

X
M
L
i

E
L
i

B
U
F
F
E
R
o

I
N
T
E
G
E
R
o

C
O
D
E
D
i
s
c

B
A
C
K
U
P
f

P
A
D
D
I
N
G

A
U
T
H
b

P
R
I
V
e

X
X
E

S
E
S
S
I
O
N

F
I
X
A
T
I
O
N

C
S
R
F

A
D
o
S

Uber Web Security Scanner

JSky Free Edition

Paros Proxy

safe3wvs (limited free edition)

Grabber

WebSecurify (Opensource Version)

Logo

Vulnerability Scanner

C
O
U
N
T

S
Q
L
i

B
S
Q
L
i

S
S
J
S
i

R
X
S
S

P
X
S
S

D
X
S
S

J
S
O
N
h

L
F
I

R
F
I

C
M
D
E
x
e
c

U
P
L
O
A
D

R
E
D
I
R
E
C
T

C
R
L
F
i

L
D
A
P
i

X
P
A
P
H
i

M
X
i

S
S
I

F
O
R
M
A
T
i

C
O
D
E
i

X
M
L
i

E
L
i

B
U
F
F
E
R
o

I
N
T
E
G
E
R
o

C
O
D
E
D
i
s
c

B
A
C
K
U
P
f

P
A
D
D
I
N
G

A
U
T
H
b

P
R
I
V
e

X
X
E

S
E
S
S
I
O
N

F
I
X
A
T
I
O
N

C
S
R
F

A
D
o
S

WebCruiser Free Edition

Netsparker Community Edition

ProxyStrike

iScan

Acunetix WVS Free Edition

Logo

Vulnerability Scanner

C
O
U
N
T

S
Q
L
i

B
S
Q
L
i

S
S
J
S
i

R
X
S
S

P
X
S
S

D
X
S
S

J
S
O
N
h

L
F
I

R
F
I

C
M
D
E
x
e
c

U
P
L
O
A
D

R
E
D
I
R
E
C
T

C
R
L
F
i

L
D
A
P
i

X
P
A
P
H
i

M
X
i

S
S
I

F
O
R
M
A
T
i

C
O
D
E
i

X
M
L
i

E
L
i

B
U
F
F
E
R
o

I
N
T
E
G
E
R
o

C
O
D
E
D
i
s
c

B
A
C
K
U
P
f

P
A
D
D
I
N
G

A
U
T
H
b

P
R
I
V
e

X
X
E

S
E
S
S
I
O
N

F
I
X
A
T
I
O
N

C
S
R
F

A
D
o
S

openAcunetix

N-Stalker 2012 Free Edition

Damn Small SQLi Scanner (DSSS)

Logo

Vulnerability Scanner

C
O
U
N
T

S
Q
L
i

B
S
Q
L
i

S
S
J
S
i

R
X
S
S

P
X
S
S

D
X
S
S

J
S
O
N
h

L
F
I

R
F
I

C
M
D
E
x
e
c

U
P
L
O
A
D

R
E
D
I
R
E
C
T

C
R
L
F
i

L
D
A
P
i

X
P
A
P
H
i

M
X
i

S
S
I

F
O
R
M
A
T
i

C
O
D
E
i

X
M
L
i

E
L
i

B
U
F
F
E
R
o

I
N
T
E
G
E
R
o

C
O
D
E
D
i
s
c

B
A
C
K
U
P
f

P
A
D
D
I
N
G

A
U
T
H
b

P
R
I
V
e

X
X
E

S
E
S
S
I
O
N

F
I
X
A
T
I
O
N

C
S
R
F

A
D
o
S

LoverBoy

N-Stalker 2009 Free Edition

SQID (SQL Injection Digger)

Web Injection Scanner (WIS)

Statistics

#	S Q L i	B S Q L i	S S J S i	R X S S	P X S S	D X S S	J S O N h	L F I	R F I	C M D E x e c	U P L O A D	R E D I R E C T	C R L F i	L D A P i	X P A P H i	M X i	S S I	F O R M A T i	C O D E i	X M L i	E L i	B U F F E R o	I N T E G E R o	C O D E D i s c	B A C K U P f	P A D D I N G	A U T H b	P R I V e	X X E	S E S S I O N	F I X A T I O N	C S R F	A D o S
Scanners:	40	25	2	39	9	6	2	17	7	12	3	8	14	9	10	3	6	3	7	4	1	3	2	6	15	0	3	3	0	7	5	6	2

Glossary

Alias	Audit Feature	Description	References
SQLi	Error Based SQL Injection	Syntax injection attack that can affect the structure of database queries	1, 2, 3, 4, 5
BSQLi	Blind/Time-Based SQL Injection	Syntax injection attack that can affect the structure of database queries	1, 2
SSJSi	Server Side Java Script (SSJS/NoSQL) Injection	Syntax injection attack that can affect the structure of server side javascript in AJAX Servers/NoSQL DBs	1, 2, 3, 4, 5
RXSS	Reflected Cross Site Scripting	Browser-output targeted attack that can execute HTML, JS and VBS code on other browsers	1, 2, 3, 4, 5
PXSS	Persistent Cross Site Scripting	Browser-output targeted attack that can execute HTML, JS and VBS code on other browsers	1, 2, 3
DXSS	DOM Based Cross Site Scripting	Browser-output targeted attack that can execute HTML, JS and VBS code on other browsers	1, 2, 3
JSONh	JSON Hijacking	JSON Hijacking (Javascript Hijacking) is an attack in which a 3rd party website abuses the beheviour of script tags and JSON to gain private data	1, 2, 3, 4
LFI	Path Traversal & Local File Inclusion	Attacks that can affect the application file & directory access/inclusion	1, 2, 3, 4, 5, 6, 7
RFI	Remote File Inclusion	Attacks that can include (and potentially execute) remote code in the application	1, 2
CMDExec	Command Injection	Syntax injection attack that can execute system commands in the target host	1, 2, 3, 4, 5, 6
UPLOAD	Unrestricted File Upload	A vulnerability that can enable attackers to upload malicious files to the server	1, 2
REDIRECT	Open Redirect	Browser-output targeted attack that can misled users and redirect them to spoofed content	1, 2, 3, 4
CRLFi	HTTP Header Injection & HTTP Response Splitting	Browser-output targeted attack that affect the browser through header/response injection	1, 2, 3, 4
LDAPi	LDAP Injection	Syntax injection attack that can affect the structure of LDAP queries	1, 2, 3, 4
XPATHi	XPath/XQuery Injection	Syntax injection attack that can affect the structure of XPath queries	1, 2, 3, 4, 5, 6, 7
MXi	SMTP/IMAP/Email Injection	Syntax injection attack that can spoof semi-legitimate emails and execute mail commands	1, 2, 3, 4
SSI	Server-Side Includes Injection	Syntax injection attack that can execute scripts on the web server	1, 2, 3, 4, 5
FORMATi	Format String Attack	An attack that can abuse formatting functions to crash programs or execute harmful code	1, 2, 3, 4, 5
CODEi	Code Injection	Syntax injection attack that can execute technology-specific code on the server	1, 2, 3, 4, 5
XMLi	XML Injection	An injection attack that can manipulate the logic of XML dependant services	1, 2
ELi	EL Injection	Expression Language Injection is an injection attack that can execute limited rogue code in platforms that are using "double evaluation".	1, 2
BUFFERo	Buffer Overflow	A memory corruption attack that can crash services and execute malicious code	1, 2, 3, 4, 5, 6, 7, 8, 9
INTEGERo	Integer Overflow	A memory corruption attack that can wraparound numeric values, and indirectly affect resources	1, 2, 3, 4, 5
CODEDisc	Source Code Disclosure	A collection of vulnerabilities that be used to disclose the server source code	1
BACKUPf	Backup Files	A dictionary attack that attempts to locate unrestricted access to obsolete & sensitive files	1
PADDING	Padding Oracle	A cryptography attack on the CBC mode of operation that can decrypt messages without the encryption key	1, 2
AUTHb	Forceful Browsing / Authentication Bypass	An attack that can bypass the authentication enforcement using direct resource access	1, 2, 3, 4, 5
PRIVe	Privilege Escalation	An attack that can enable access to restricted/private content (via parameter tampering / direct access)	1, 2, 3, 4, 5, 6, 7
XXE	Xml External Entity	An attack that abuses the XML dynamic processing features of webservices by introducing xml structures with links to content outside of the sphere of control.	1, 2, 3, 4
SESSION	Weak Session Identifier	A vulnerability that can be exploited to impersonate application users	1, 2, 3, 4, 5, 6
FIXATION	Session Fixation	A vulnerability that can fixate (set) another person's session identifier in order to elevate further attacks	1, 2, 3, 4, 5, 6
CSRF	Cross Site Request Forgery	A vulnerability that can enable malicious 3rd parties to perform operations on behalf of users	1, 2, 3, 4, 5, 6
ADoS	Application Denial of Service	An attack that can deny services from legitimate users via application-level issues	1, 2, 3, 4, 5, 6, 7