| Scanner | Version | Build | Vendor |
|---|---|---|---|
| crawlfish | 0.92 | 2 | ericfish |

Tested Against WAVSEP Version:
1.0

The Reflected XSS Detection Accuracy of the Scanner:
Detection Rate: 13.64% (9/66)
False Positives: 28.57% (2/7)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Reflected XSS | HTTP GET (Query String Parameters) | 9 out of 33 | Cases Detected: 1-5, 30 (1st & 2nd), 31, 32; Cases Missed: 6-29 |
| Reflected XSS | HTTP POST (Body Parameters) | 0 out of 33 | Cases Missed: 1-32 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 2 out of 7 | 1, 6 |

WAVSEP Scan Log:
I disabled the "restrict to folder" checkbox (the crawling process only seemed to succeed with this feature disabled), increased the max crawl cap to 100, and scanned the following URLs:
http://192.168.110.1:8080/wavsep/index-xss.jsp
http://192.168.110.1:8080/wavsep/index-false.jsp
Even though the scanner always crashed at the end of the scan, I was still able to see the scan results with the error window in the background.
The tool successfully crawled all URLs, but did not detect any POST vulnerabilities (probably because it didn't submit any forms).


Copyright © 2010-2016 by Shay Chen. All rights reserved.