The Reflected XSS Detection Accuracy of Web Application Scanners:

The current information is based on the results of the *2011* benchmark (except for entries marked as updated or new).

Last updated: 27/08/2012, Currently compares 51 scanners
Sorted in descending order by each scanner's reflected XSS detection ratio, then by product name.



| Rank | Vulnerability Scanner | Version | Vendor | Detection Rate | False Positives |
|---|---|---|---|---|---|
| 1 | Acunetix WVS (Commercial Edition) | 8.0 | Acunetix | 100.00% (66/66) | 0.00% (0/7) |
| 1 | Acunetix WVS Free Edition | 8.0 | Acunetix | 100.00% (66/66) | 0.00% (0/7) |
| 1 | IBM AppScan | 8.5.0.1 | IBM Security Systems Division | 100.00% (66/66) | 0.00% (0/7) |
| 1 | Syhunt Dynamic (Sandcat Pro) | 4.5.0.0 | Syhunt | 100.00% (66/66) | 0.00% (0/7) |
| 1 | Syhunt Mini (Sandcat Mini) | 4.4.3.0 | Syhunt | 100.00% (66/66) | 0.00% (0/7) |
| 1 | WebInspect | 9.20.277.0 | HP Application Security Center | 100.00% (66/66) | 0.00% (0/7) |
| 1 | ZAP | 1.4.0.1 | OWASP | 100.00% (66/66) | 0.00% (0/7) |
| 2 | arachni | 0.4.0.3 | Tasos Laskos | 98.48% (65/66) | 0.00% (0/7) |
| 2 | ParosPro | 1.9.12 | MileSCAN Technologies | 98.48% (65/66) | 0.00% (0/7) |
| 3 | Sandcat Free Edition | 4.0.0.1 | Syhunt | 98.48% (65/66) | 85.71% (6/7) |
| 4 | Netsparker (Commercial Edition) | 2.1.0 | Mavituna Security | 96.97% (64/66) | 0.00% (0/7) |
| 5 | ProxyStrike | 2.2 | Edge Security | 93.94% (62/66) | 85.71% (6/7) |
| 6 | Burp Suite Professional | 1.4.10 | PortSwigger | 90.91% (60/66) | 0.00% (0/7) |
| 7 | QualysGuard WAS | 2012-07-27 | Qualys, Inc. | 81.82% (54/66) | 0.00% (0/7) |
| 8 | NTOSpider (Obsolete Version / Results) | 5.4 (Obsolete) | NT OBJECTives | 80.30% (53/66) | 0.00% (0/7) |
| 9 | IronWASP | 0.9.1.0 | Lavakumar Kuppan | 75.76% (50/66) | 0.00% (0/7) |
| 10 | Nessus | 5.0.1 | Tenable Network Security | 66.67% (44/66) | 57.14% (4/7) |
| 11 | Netsparker Community Edition | 1.7.2.13 | Mavituna Security | 63.64% (42/66) | 0.00% (0/7) |
| 12 | N-Stalker 2009 Free Edition | 7.0.0.223 | N-Stalker | 60.61% (40/66) | 0.00% (0/7) |
| 13 | WebSecurify (Opensource Version) | 0.9 | GNU Citizen | 57.58% (38/66) | 0.00% (0/7) |
| 14 | Vega | 1.0 | Subgraph | 51.52% (34/66) | 0.00% (0/7) |
| 15 | JSky (Commercial Edition) | 3.5.1 | NoSec | 50.00% (33/66) | 0.00% (0/7) |
| 16 | Grabber | 0.1 | Romain Gaucher | 50.00% (33/66) | 100.00% (7/7) |
| 17 | XSSer | 1.5 | psy | 34.85% (23/66) | 57.14% (4/7) |
| 18 | XSSS | 0.40 | Sven Neuhaus | 33.33% (22/66) | 71.43% (5/7) |
| 19 | SkipFish | 2.07 | Michal Zalewski - Google | 31.82% (21/66) | 0.00% (0/7) |
| 20 | W3AF | 1.2 | W3AF developers | 30.30% (20/66) | 42.86% (3/7) |
| 21 | Andiparos | 1.0.6 | Compass Security AG | 27.27% (18/66) | 42.86% (3/7) |
| 21 | WSTool | 0.14001 | Kim Young-il | 27.27% (18/66) | 42.86% (3/7) |
| 22 | Ammonite | 1.2 | RyscCorp. | 24.24% (16/66) | 42.86% (3/7) |
| 22 | Oedipus | 1.8.1 | Jordan Del Grande | 24.24% (16/66) | 42.86% (3/7) |
| 22 | Paros Proxy | 3.2.13 | MileSCAN Technologies | 24.24% (16/66) | 42.86% (3/7) |
| 22 | PowerFuzzer | 1.0 | Marcin Kozlowski | 24.24% (16/66) | 42.86% (3/7) |
| 22 | WebCruiser Enterprise Edition | 2.5.1 | Janus Security | 24.24% (16/66) | 42.86% (3/7) |
| 22 | WebCruiser Free Edition | 2.4.2 | Janus Security | 24.24% (16/66) | 42.86% (3/7) |
| 23 | Watobo | 0.9.8 | Andreas Schmidt | 24.24% (16/66) | 57.14% (4/7) |
| 24 | XSSploit | 0.5 | SCRT Information Security | 21.21% (14/66) | 85.71% (6/7) |
| 25 | Gamja | 1.6 | Sanghun Jeon | 18.18% (12/66) | 14.29% (1/7) |
| 25 | ScreamingCSS | 1.02 | David deVitry | 18.18% (12/66) | 14.29% (1/7) |
| 26 | Wapiti | 2.2.1 | OWASP | 16.67% (11/66) | 42.86% (3/7) |
| 27 | crawlfish | 0.92 | ericfish | 13.64% (9/66) | 28.57% (2/7) |
| 28 | Grendel Scan | 1.0 | David Byrne | 12.12% (8/66) | 0.00% (0/7) |
| 28 | N-Stalker 2012 Free Edition | 7.1.1.121 | N-Stalker | 12.12% (8/66) | 0.00% (0/7) |
| 29 | JSky Free Edition | 1.0.0 | NoSec | 12.12% (8/66) | 42.86% (3/7) |
| 29 | safe3wvs (limited free edition) | 10.1 | Safe3 Network Center | 12.12% (8/66) | 42.86% (3/7) |
| 29 | WebScarab | 20110329 | OWASP | 12.12% (8/66) | 42.86% (3/7) |
| 30 | Uber Web Security Scanner | 0.0.2 | Levent Kayan & Illuminatus | 10.61% (7/66) | 42.86% (3/7) |
| 31 | Secubat | 0.5 | Stefan Kals | 7.58% (5/66) | 0.00% (0/7) |
| 32 | iScan | 0.1 | Simone Margaritelli | 0.00% (0/66) | 0.00% (0/7) |
| 32 | openAcunetix | 0.1 | John Martinelli | 0.00% (0/66) | 0.00% (0/7) |
| 32 | VulnDetector | 0.0.2 | Brad Cable | 0.00% (0/66) | 0.00% (0/7) |
| 32 | Xcobra | 0.2 | Taras Ivashchenko | 0.00% (0/66) | 0.00% (0/7) |

Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.