In the past weeks, I've performed an evaluation/comparison of three popular web vulnerability scanners.This evaluation was ordered by a penetration testing company that will remain anonymous. The vendors were not contacted during or after the evaluation.
The applications (web scanners) included in this evaluation are:
- Acunetix WVS version 6.0 (Build 20081217)
- IBM Rational AppScan version 7.7.620 Service Pack 2
- HP WebInspect version 7.7.869
In total, 16 applications were tested. I've tried to cover all the major platforms, therefore I have applications in PHP, ASP, ASP.NET and Java.
The report can be found at http://drop.io/anantasecfiles/
The full URL to the PDF document: http://drop.io/download/497f0f4e/c1d8b2966f85fb8549a18cbe2d789224ea665f45/759c3010-ce68-012b-dcee-f407c7ff11c2/9eeb1f00-cea5-012b-aa7b-f219675fa758/report.pdf/report_pdf.pdf
Therefore, I will not respond to emails for vendors. You have the information, fix your scanners!