The Path Traversal / Local File Inclusion Detection Accuracy of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated

or new

)

Last updated: 18/09/2016, Currently compares 23 scanners
Sorted in a descending order according to the scanner Path Traversal/LFI detection ratio and product name.
Hint: click the version link to get more information about each scanner evaluation, and the product name to get detailed information on the product.

Unified List Commercial Scanners Free / Open Source Scanners

Rank

#

Logo

Vulnerability Scanner

Version

Vendor

Detection Accuracy

Chart

1

100.00% Detection Rate
0.00% False Positives

(816/816)
(0/8)

1

9.0.0.999 / 8.8.0.0

IBM Security Systems Division

100.00% Detection Rate
0.00% False Positives

(816/816)
(0/8)

1

100.00% Detection Rate
0.00% False Positives

(816/816)
(0/8)

1

Tinfoil Security

Tinfoil Security

100.00% Detection Rate
0.00% False Positives

(816/816)
(0/8)

2

Netsparker Cloud

94.36% Detection Rate
0.00% False Positives

(770/816)
(0/8)

3

94.12% Detection Rate
0.00% False Positives

(768/816)
(0/8)

4

94.12% Detection Rate
62.50% False Positives

(768/816)
(5/8)

5

92.77% Detection Rate
12.50% False Positives

(757/816)
(1/8)

6

HP Application Security Center

91.18% Detection Rate
0.00% False Positives

(744/816)
(0/8)

7

Michal Zalewski - Google

82.35% Detection Rate
25.00% False Positives

(672/816)
(2/8)

8

81.13% Detection Rate
12.50% False Positives

(662/816)
(1/8)

9

75.00% Detection Rate
0.00% False Positives

(612/816)
(0/8)

10

Burp Suite Professional

69.12% Detection Rate
12.50% False Positives

(564/816)
(1/8)

11

63.97% Detection Rate
37.50% False Positives

(522/816)
(3/8)

12

W3AF developers

57.48% Detection Rate
12.50% False Positives

(469/816)
(1/8)

13

Lavakumar Kuppan

53.06% Detection Rate
0.00% False Positives

(433/816)
(0/8)

14

52.94% Detection Rate
0.00% False Positives

(432/816)
(0/8)

15

51.47% Detection Rate
12.50% False Positives

(420/816)
(1/8)

16

JSky (Commercial Edition)

48.53% Detection Rate
12.50% False Positives

(396/816)
(1/8)

17

Andreas Schmidt

41.18% Detection Rate
0.00% False Positives

(336/816)
(0/8)

18

WebSecurify (Opensource Version)

31.62% Detection Rate
0.00% False Positives

(258/816)
(0/8)

19

MileSCAN Technologies

12.75% Detection Rate
37.50% False Positives

(104/816)
(3/8)

20

safe3wvs (limited free edition)

Safe3 Network Center

8.58% Detection Rate
12.50% False Positives

(70/816)
(1/8)

Copyright © 2010-2015 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.