Home > slashdot > Web App Scanners Miss Half of Vulnerabilities

Web App Scanners Miss Half of Vulnerabilities

February 6th, 2010 02:57 admin Leave a comment Go to comments

seek3r sends news of a recent test of six web application security scanning products, in which the scanners missed an average of 49% of the vulnerabilities known to be on the test sites. Here is a PDF of the report. The irony is that the test pitted eah scanner against the public test files of all the scanners. This reader adds, “Is it any wonder that being PCI compliant is meaningless from a security point of view? You can perform a Web app scan, check the box on your PCI audit, and still have the security posture of swiss cheese on your Web app!” “NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best ‘Point and Shoot’ rating of 55% and the rest averaged 39%.”

Source: Web App Scanners Miss Half of Vulnerabilities

Related Articles:

  1. Dept. of Homeland Security To Test Iris Scanners
  2. Airport Scanners Can Store and Transmit Images
  3. EPIC Uncovers: Mobile Scanners Not ‘Certified People Scanners’
  4. Homeland Security: New Body Scanners Have Issues
  5. Heathrow To Install Facial Recognition Scanners
blog comments powered by Disqus