The Authentication, Control and Connection Features of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated

or new

)

Last updated: 18/09/2016
Sorted in an ascending order according to the scanner name .
Hint: hover over the marks and titles to get additional information on the various features.
Glossary

Unified List Commercial Scanners Free / Open Source Scanners

Logo

Vulnerability Scanner

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

Acunetix WVS Free Edition

Damn Small SQLi Scanner (DSSS)

Logo

Vulnerability Scanner

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

Netsparker Community Edition

N-Stalker 2009 Free Edition

N-Stalker 2012 Free Edition

Oedipus

openAcunetix

Paros Proxy

Logo

Vulnerability Scanner

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

PowerFuzzer

Priamos

ProxyStrike

safe3wvs (limited free edition)

SQID (SQL Injection Digger)

Logo

Vulnerability Scanner

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

SQLiX

sqlmap

Syhunt Mini (Sandcat Mini)

Uber Web Security Scanner

Web Injection Scanner (WIS)

Logo

Vulnerability Scanner

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

WebCruiser Free Edition

WebScarab

WebSecurify (Opensource Version)

Statistics

#	Custom Cookie	Custom Header	B A S I C	D I G E S T	N T L M	N T L M v 2	K E R B E R O S	F O R M	PROXY	GZIP	DEFLATE	SSL	CERT	Logout Detection	Exclude Logout	Exclude URL	Exclude Param
Scanners:	27	16	25	15	18	2	2	20	30	17	13	29	13	9	22	25	19

Glossary

Alias	General Feature	Description	References
Custom Cookie	HTTP Cookie/s Customization	Support for customizing the cookie/s used in the test
Custom Header	HTTP Header/s Customization	Support for customizing the header/s used in the test
BASIC	Basic Authentication	Support for HTTP Basic Authentication	1
DIGEST	Digest Authentication	Support for HTTP Digest Authentication	1
NTLM	NTLM Authentication	Support for Authnetication via NTLM Credentials	1
NTLMv2	NTLMv2 Authentication	Support for Authenctication via NTLM Credentials	1
Kerberos	Kerberos Authentication	Support for Authenctication via Kerberos Protocol	1
FORM	FORM Based Authentication	FORM Based Authentication Support (Html Forms)	1
PROXY	Outgoing Proxy Support	Support for forwarding the communication via an Outgoing Proxy
GZIP	GZIP Compression Support	Support for decompressing/compressing GZIP communication	1
DEFLATE	Deflate Compression Support	Support for decompressing/compressing Deflate communication	1
SSL	SSL/TLS Encryption Support	Scan SSL/TLS Enhanced Servers	1
CERT	Client Side Certificate	Client Side Certificate Authentication Support
Logout Detection	Automated Logout Detection	Support for automatically detecting invalid sessions (logout/timeout)
Logout Exclusion	Logout URL Exclusion	Support for excluding the URL from the scan
URL Exclusion	URL Exclusion	Support for excluding URL groups from the scan
Param Exclusion	HTTP Parameter Exclusion	Support for excluding HTTP parameters from the scan