The Path Traversal / Local File Inclusion Detection Accuracy of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (except for entries marked as updated or new).

Last updated: 18/09/2016, Currently compares 23 scanners
Sorted in descending order by each scanner's Path Traversal/LFI detection ratio, then by product name.
Hint: click the version link to get more information about each scanner evaluation, and the product name to get detailed information on the product.



| Rank | Vulnerability Scanner | Version | Vendor | Detection Rate | False Positives |
|---|---|---|---|---|---|
| 1 | arachni | 1.1 | Tasos Laskos | 100.00% (816/816) | 0.00% (0/8) |
| 2 | Vega | 1.0 | Subgraph | 94.12% (768/816) | 62.50% (5/8) |
| 3 | SkipFish | 2.10 | Michal Zalewski - Google | 82.35% (672/816) | 25.00% (2/8) |
| 4 | ZAP | 2.2.2 | OWASP | 75.00% (612/816) | 0.00% (0/8) |
| 5 | W3AF | 1.6 | W3AF developers | 57.48% (469/816) | 12.50% (1/8) |
| 6 | IronWASP | 0.9.7.4 | Lavakumar Kuppan | 53.06% (433/816) | 0.00% (0/8) |
| 7 | Wapiti | 2.3.0 | OWASP | 51.47% (420/816) | 12.50% (1/8) |
| 8 | WATOBO | 0.9.19 | Andreas Schmidt | 41.18% (336/816) | 0.00% (0/8) |
| 9 | WebSecurify (Opensource Version) | 0.9 | GNU Citizen | 31.62% (258/816) | 0.00% (0/8) |
| 10 | safe3wvs (limited free edition) | 10.1 | Safe3 Network Center | 8.58% (70/816) | 12.50% (1/8) |

Copyright © 2010-2015 by Shay Chen. All rights reserved.