The Authentication, Control and Connection Features of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated or new )

Last updated: 18/09/2016
Sorted in an ascending order according to the scanner name .
Hint: hover over the marks and titles to get additional information on the various features.
Glossary
Unified List   Commercial Scanners   Free / Open Source Scanners


#
LogoVulnerability Scanner
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param
1
Acunetix WVS
2
Acunetix WVS Free Edition
3
aidSQL
4
Ammonite
5
Andiparos
6
AppSpider
7
arachni
8
Burp Suite Professional
9
crawlfish
10
Damn Small SQLi Scanner (DSSS)
#
LogoVulnerability Scanner
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param
11
Gamja
12
Grabber
13
Grendel Scan
14
IBM AppScan
15
IronWASP
16
iScan
17
JSky (Commercial Edition)
18
JSky Free Edition
19
LoverBoy
20
Mini MySqlat0r
#
LogoVulnerability Scanner
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param
21
Netsparker
22
Netsparker Cloud
23
Netsparker Community Edition
24
N-Stalker
25
N-Stalker 2009 Free Edition
26
N-Stalker 2012 Free Edition
27
Oedipus
28
openAcunetix
29
Paros Proxy
30
ParosPro
#
LogoVulnerability Scanner
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param
31
PowerFuzzer
32
Priamos
33
ProxyStrike
34
QualysGuard WAS
35
safe3wvs (limited free edition)
36
Sandcat Free Edition
37
Scrawlr
38
ScreamingCSS
39
Secubat
40
SkipFish
#
LogoVulnerability Scanner
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param
41
SQID (SQL Injection Digger)
42
SQLiX
43
sqlmap
44
Syhunt Dynamic
45
Syhunt Mini (Sandcat Mini)
46
Tinfoil Security
47
Uber Web Security Scanner
48
Vega
49
VulnDetector
50
W3AF
#
LogoVulnerability Scanner
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param
51
Wapiti
52
WATOBO
53
Web Injection Scanner (WIS)
54
WebCruiser Enterprise Edition
55
WebCruiser Free Edition
56
WebInspect
57
WebScarab
58
WebSecurify (Opensource Version)
59
WSTool
60
Xcobra
#
LogoVulnerability Scanner
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param
61
XSSer
62
XSSploit
63
XSSS
64
ZAP


Statistics
#
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param
Scanners:423039273213834443022442621363932



Glossary
AliasGeneral FeatureDescriptionReferences
Custom CookieHTTP Cookie/s CustomizationSupport for customizing the cookie/s used in the test
Custom HeaderHTTP Header/s CustomizationSupport for customizing the header/s used in the test
BASICBasic AuthenticationSupport for HTTP Basic Authentication1
DIGESTDigest AuthenticationSupport for HTTP Digest Authentication1
NTLMNTLM AuthenticationSupport for Authnetication via NTLM Credentials1
NTLMv2NTLMv2 AuthenticationSupport for Authenctication via NTLM Credentials1
KerberosKerberos AuthenticationSupport for Authenctication via Kerberos Protocol1
FORMFORM Based AuthenticationFORM Based Authentication Support (Html Forms)1
PROXYOutgoing Proxy SupportSupport for forwarding the communication via an Outgoing Proxy
GZIPGZIP Compression SupportSupport for decompressing/compressing GZIP communication1
DEFLATEDeflate Compression SupportSupport for decompressing/compressing Deflate communication1
SSLSSL/TLS Encryption SupportScan SSL/TLS Enhanced Servers1
CERTClient Side CertificateClient Side Certificate Authentication Support
Logout DetectionAutomated Logout DetectionSupport for automatically detecting invalid sessions (logout/timeout)
Logout ExclusionLogout URL ExclusionSupport for excluding the URL from the scan
URL ExclusionURL ExclusionSupport for excluding URL groups from the scan
Param ExclusionHTTP Parameter ExclusionSupport for excluding HTTP parameters from the scan



Copyright © 2010-2015 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.