The Authentication, Control and Connection Features of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated

or new

)

Last updated: 18/09/2016
Sorted in an ascending order according to the scanner name .
Hint: hover over the marks and titles to get additional information on the various features.
Glossary

Unified List Commercial Scanners Free / Open Source Scanners

#

Logo

Vulnerability Scanner

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

1

2

3

4

Burp Suite Professional

5

6

JSky (Commercial Edition)

7

8

Netsparker Cloud

9

10

#

Logo

Vulnerability Scanner

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

11

QualysGuard WAS

12

13

Tinfoil Security

14

WebCruiser Enterprise Edition

15

Statistics

#	Custom Cookie	Custom Header	B A S I C	D I G E S T	N T L M	N T L M v 2	K E R B E R O S	F O R M	PROXY	GZIP	DEFLATE	SSL	CERT	Logout Detection	Exclude Logout	Exclude URL	Exclude Param
Scanners:	15	14	14	12	14	11	6	14	14	13	9	15	13	12	14	14	13

Glossary

Alias	General Feature	Description	References
Custom Cookie	HTTP Cookie/s Customization	Support for customizing the cookie/s used in the test
Custom Header	HTTP Header/s Customization	Support for customizing the header/s used in the test
BASIC	Basic Authentication	Support for HTTP Basic Authentication	1
DIGEST	Digest Authentication	Support for HTTP Digest Authentication	1
NTLM	NTLM Authentication	Support for Authnetication via NTLM Credentials	1
NTLMv2	NTLMv2 Authentication	Support for Authenctication via NTLM Credentials	1
Kerberos	Kerberos Authentication	Support for Authenctication via Kerberos Protocol	1
FORM	FORM Based Authentication	FORM Based Authentication Support (Html Forms)	1
PROXY	Outgoing Proxy Support	Support for forwarding the communication via an Outgoing Proxy
GZIP	GZIP Compression Support	Support for decompressing/compressing GZIP communication	1
DEFLATE	Deflate Compression Support	Support for decompressing/compressing Deflate communication	1
SSL	SSL/TLS Encryption Support	Scan SSL/TLS Enhanced Servers	1
CERT	Client Side Certificate	Client Side Certificate Authentication Support
Logout Detection	Automated Logout Detection	Support for automatically detecting invalid sessions (logout/timeout)
Logout Exclusion	Logout URL Exclusion	Support for excluding the URL from the scan
URL Exclusion	URL Exclusion	Support for excluding URL groups from the scan
Param Exclusion	HTTP Parameter Exclusion	Support for excluding HTTP parameters from the scan

Copyright © 2010-2015 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.