The Reflected XSS Detection Accuracy of Web Application Scanners

The current information is based on the results of the *2011/2012* benchmarks (excpet for entries marked as updated or new )

Last updated: 31/10/2014, Currently compares 55 scanners
Sorted in a descending order according to the scanner reflected xss detection ratio and product name.
Hint: click the version link to get more information about each scanner evaluation, and the product name to get detailed information on the product.

Unified List   Commercial Scanners   Free / Open Source Scanners


Rank
#
LogoVulnerability ScannerVersionVendorDetection AccuracyChart
1
Acunetix WVS9.0Acunetix100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
Acunetix WVS Free Edition8.0Acunetix100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
IBM AppScan9.0.0.999 / 8.8.0.0IBM Security Systems Division100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
IronWASP0.9.7.4Lavakumar Kuppan100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
Netsparker3.1.7.0Netsparker Ltd100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
NTOSpider6.0NT OBJECTives100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
Syhunt Dynamic5.0.0.7Syhunt100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
Syhunt Mini (Sandcat Mini)4.4.3.0Syhunt100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
Vega1.0Subgraph100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
WebInspect10.1.177.0HP Application Security Center100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
1
ZAP2.2.2OWASP100.00% Detection Rate
0.00% False Positives
(66/66)
(0/7)
2
ParosPro1.9.12MileSCAN Technologies98.48% Detection Rate
0.00% False Positives
(65/66)
(0/7)
3
Sandcat Free Edition4.0.0.1Syhunt98.48% Detection Rate
85.71% False Positives
(65/66)
(6/7)
4
Burp Suite Professional1.5.20PortSwigger96.97% Detection Rate
0.00% False Positives
(64/66)
(0/7)
4
N-StalkerXN-Stalker96.97% Detection Rate
0.00% False Positives
(64/66)
(0/7)
5
N-Stalker 2012 Free Edition10.13.11.31N-Stalker95.45% Detection Rate
0.00% False Positives
(63/66)
(0/7)
6
SkipFish2.10Michal Zalewski - Google93.94% Detection Rate
0.00% False Positives
(62/66)
(0/7)
7
ProxyStrike2.2Edge Security93.94% Detection Rate
85.71% False Positives
(62/66)
(6/7)
8
Netsparker Community Edition3.1.6.0Netsparker Ltd78.79% Detection Rate
0.00% False Positives
(52/66)
(0/7)
8
ScanToSecure2014-01-21Netsparker Ltd78.79% Detection Rate
0.00% False Positives
(52/66)
(0/7)
9
WATOBO0.9.19Andreas Schmidt75.76% Detection Rate
100.00% False Positives
(50/66)
(7/7)
10
arachni0.4.6Tasos Laskos66.67% Detection Rate
0.00% False Positives
(44/66)
(0/7)
11
Wapiti2.3.0OWASP66.67% Detection Rate
42.86% False Positives
(44/66)
(3/7)
12
N-Stalker 2009 Free Edition7.0.0.223N-Stalker60.61% Detection Rate
0.00% False Positives
(40/66)
(0/7)
13
WebSecurify (Opensource Version)0.9GNU Citizen57.58% Detection Rate
0.00% False Positives
(38/66)
(0/7)
14
QualysGuard WAS2014-01-21Qualys, Inc.50.00% Detection Rate
0.00% False Positives
(33/66)
(0/7)
14
JSky (Commercial Edition)3.5.1NoSec50.00% Detection Rate
0.00% False Positives
(33/66)
(0/7)
15
XSSer1.6psy50.00% Detection Rate
85.71% False Positives
(33/66)
(6/7)
16
Grabber0.1Romain Gaucher50.00% Detection Rate
100.00% False Positives
(33/66)
(7/7)
17
W3AF1.6W3AF developers37.88% Detection Rate
0.00% False Positives
(25/66)
(0/7)
18
XSSS0.40Sven Neuhaus33.33% Detection Rate
71.43% False Positives
(22/66)
(5/7)
19
Andiparos1.0.6Compass Security AG27.27% Detection Rate
42.86% False Positives
(18/66)
(3/7)
19
WSTool0.14001Kim Young-il27.27% Detection Rate
42.86% False Positives
(18/66)
(3/7)
20
Ammonite1.2RyscCorp.24.24% Detection Rate
42.86% False Positives
(16/66)
(3/7)
20
Oedipus1.8.1Jordan Del Grande24.24% Detection Rate
42.86% False Positives
(16/66)
(3/7)
20
Paros Proxy3.2.13MileSCAN Technologies24.24% Detection Rate
42.86% False Positives
(16/66)
(3/7)
20
PowerFuzzer1.0Marcin Kozlowski24.24% Detection Rate
42.86% False Positives
(16/66)
(3/7)
20
WebCruiser Enterprise Edition2.7.0Janus Security24.24% Detection Rate
42.86% False Positives
(16/66)
(3/7)
20
WebCruiser Free Edition2.4.2Janus Security24.24% Detection Rate
42.86% False Positives
(16/66)
(3/7)
21
XSSploit0.5SCRT Information Security21.21% Detection Rate
85.71% False Positives
(14/66)
(6/7)
22
Gamja1.6Sanghun Jeon18.18% Detection Rate
14.29% False Positives
(12/66)
(1/7)
22
ScreamingCSS1.02David deVitry18.18% Detection Rate
14.29% False Positives
(12/66)
(1/7)
23
crawlfish0.92ericfish13.64% Detection Rate
28.57% False Positives
(9/66)
(2/7)
24
Grendel Scan1.0David Byrne12.12% Detection Rate
0.00% False Positives
(8/66)
(0/7)
25
JSky Free Edition1.0.0NoSec12.12% Detection Rate
42.86% False Positives
(8/66)
(3/7)
25
safe3wvs (limited free edition)10.1Safe3 Network Center12.12% Detection Rate
42.86% False Positives
(8/66)
(3/7)
25
WebScarab20110329OWASP12.12% Detection Rate
42.86% False Positives
(8/66)
(3/7)
26
Uber Web Security Scanner0.0.2Levent Kayan & Illuminatus10.61% Detection Rate
42.86% False Positives
(7/66)
(3/7)
27
Secubat0.5Stefan Kals7.58% Detection Rate
0.00% False Positives
(5/66)
(0/7)
28
iScan0.1Simone Margaritelli0.00% Detection Rate
0.00% False Positives
(0/66)
(0/7)
28
openAcunetix0.1John Martinelli0.00% Detection Rate
0.00% False Positives
(0/66)
(0/7)
28
VulnDetector0.0.2Brad Cable0.00% Detection Rate
0.00% False Positives
(0/66)
(0/7)
28
Xcobra0.2Taras Ivashchenko0.00% Detection Rate
0.00% False Positives
(0/66)
(0/7)

Copyright © 2010-2014 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.