The SQL Injection Detection Accuracy of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated or new )

Last updated: 18/09/2016, Currently compares 56 scanners
Sorted in a descending order according to the scanner sql injection detection ratio and product name.
Hint: click the version link to get more information about each scanner evaluation, and the product name to get detailed information on the product.

Unified List   Commercial Scanners   Free / Open Source Scanners


Rank
#
LogoVulnerability ScannerVersionVendorDetection AccuracyChart
1
Acunetix WVS10.5Acunetix100.00% Detection Rate
0.00% False Positives
(136/136)
(0/10)
1
IBM AppScan9.0.0.999 / 8.8.0.0IBM Security Systems Division100.00% Detection Rate
0.00% False Positives
(136/136)
(0/10)
1
Netsparker4.1.1.0Netsparker Ltd100.00% Detection Rate
0.00% False Positives
(136/136)
(0/10)
1
Netsparker Cloud2015-06-16Netsparker Ltd100.00% Detection Rate
0.00% False Positives
(136/136)
(0/10)
1
Tinfoil SecurityXTinfoil Security100.00% Detection Rate
0.00% False Positives
(136/136)
(0/10)
1
WebInspect10.1.177.0HP Application Security Center100.00% Detection Rate
0.00% False Positives
(136/136)
(0/10)
2
Burp Suite Professional1.7.03PortSwigger100.00% Detection Rate
10.00% False Positives
(136/136)
(1/10)
3
Syhunt Dynamic5.0.0.7Syhunt100.00% Detection Rate
50.00% False Positives
(136/136)
(5/10)
4
AppSpider6.0Rapid797.06% Detection Rate
0.00% False Positives
(132/136)
(0/10)
5
N-StalkerXN-Stalker96.32% Detection Rate
0.00% False Positives
(131/136)
(0/10)
6
Ammonite1.2RyscCorp.96.32% Detection Rate
70.00% False Positives
(131/136)
(7/10)
7
ParosPro1.9.12MileSCAN Technologies93.38% Detection Rate
0.00% False Positives
(127/136)
(0/10)
8
WebCruiser Enterprise Edition2.7.0Janus Security69.85% Detection Rate
0.00% False Positives
(95/136)
(0/10)
9
QualysGuard WAS2014-01-21Qualys, Inc.63.24% Detection Rate
0.00% False Positives
(86/136)
(0/10)
10
JSky (Commercial Edition)3.5.1NoSec61.03% Detection Rate
0.00% False Positives
(83/136)
(0/10)

Copyright © 2010-2015 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.