The Unvalidated Redirect Detection Accuracy of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated or new )

Last updated: 18/09/2016, Currently compares 15 scanners
Sorted in a descending order according to the scanner unvalidated redirect detection ratio and product name.
Hint: click the version link to get more information about each scanner evaluation, and the product name to get detailed information on the product.

Unified List   Commercial Scanners   Free / Open Source Scanners


Rank
#
LogoVulnerability ScannerVersionVendorDetection AccuracyChart
1
Netsparker4.1.1.0Netsparker Ltd100.00% Detection Rate
0.00% False Positives		(30/60)
(0/9)
1
Netsparker Cloud2015-06-16Netsparker Ltd100.00% Detection Rate
0.00% False Positives		(30/60)
(0/9)
1
Tinfoil SecurityXTinfoil Security100.00% Detection Rate
0.00% False Positives		(30/60)
(0/9)
2
Acunetix WVS10.5Acunetix100.00% Detection Rate
11.11% False Positives		(30/60)
(1/9)
2
N-StalkerXN-Stalker100.00% Detection Rate
11.11% False Positives		(30/60)
(1/9)
3
Burp Suite Professional1.7.03PortSwigger76.67% Detection Rate
0.00% False Positives		(23/60)
(0/9)
4
WebInspect10.1.177.0HP Application Security Center50.00% Detection Rate
0.00% False Positives		(15/60)
(0/9)
5
IBM AppScan9.0.0.999 / 8.8.0.0IBM Security Systems Division36.67% Detection Rate
11.11% False Positives		(11/60)
(1/9)
6
AppSpider6.0Rapid733.33% Detection Rate
0.00% False Positives		(10/60)
(0/9)
7
QualysGuard WAS2014-01-21Qualys, Inc.3.33% Detection Rate
0.00% False Positives		(1/60)
(0/9)

Copyright © 2010-2015 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.