| Scanner | Version | Vendor |
| --- | --- | --- |
| WebCruiser Free Edition | 2.4.2 | Janus Security |

Tested Against WAVSEP Version: 1.0.3

The SQL Injection Detection Accuracy of the Scanner:

Detection Accuracy (chart): 50.74% Detection Rate (69/136); 0.00% False Positives (0/10)

| Response Type | Input Vector | Detection Rate | Details |
| --- | --- | --- | --- |
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 12 out of 20 | Cases Detected: 1(2nd),3,6-8,11-13,15-18. Cases Missed: 1(1st),2,4,5,9,10,14,19 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 9 out of 20 | Cases Detected: 1(2nd),3,7,8,11-13,17,18. Cases Missed: 1(1st),2,4-6,9,10,14-16,19 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 12 out of 20 | Cases Detected: 1(2nd),3,6-8,11-13,15-18. Cases Missed: 1(1st),2,4,5,9,10,14,19 (9,19 detected only as XSS) |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 9 out of 20 | Cases Detected: 1(2nd),3,7,8,11-13,17,18. Cases Missed: 1(1st),2,4,5,10,14-16,19 (6,9,15,16,19 detected only as XSS) |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 12 out of 20 | Cases Detected: 1(2nd),3,6-8,11-13,15-18. Cases Missed: 1(1st),2,4,5,9,10,14,19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 12 out of 20 | Cases Detected: 1(1st&2nd)-4,7,8,11-13,17,18. Cases Missed: 5,6,9,10,14-16,19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 2 out of 8 | Cases Detected: 1,2. Cases Missed: 3-8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 1 out of 8 | Cases Detected: 1. Cases Missed: 2-8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | None |

The Reflected XSS Detection Accuracy of the Scanner:

Detection Accuracy (chart): 24.24% Detection Rate (16/66); 42.86% False Positives (3/7)

| Response Type | Input Vector | Detection Rate | Details |
| --- | --- | --- | --- |
| Reflected XSS | HTTP GET (Query String Parameters) | 8 out of 33 | Cases Detected: 1-5,30(1st&2nd),32. Cases Missed: 6-29,31 |
| Reflected XSS | HTTP POST (Body Parameters) | 8 out of 33 | Cases Detected: 1-5,30(1st&2nd),32. Cases Missed: 6-29,31 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 3 out of 7 | 1,2,6 |

WAVSEP Scan Log:
The spider successfully crawled all the URLs. I verified the scanning results by scanning several subdirectories directly, receiving identical results.


Copyright © 2010-2016 by Shay Chen. All rights reserved.