When I started reading a post in which a guy simply put 60 web application scanners to the test, I assumed he had run a few basic checks. I was completely wrong. I was impressed by the level of detail and by the comparisons he produced; they are striking.
See how the tests were carried out:
The benchmark focused on testing commercial & open source tools that are able to detect (and not necessarily exploit) security vulnerabilities on a wide range of URLs, and thus, each tool tested was required to support the following features:
- The ability to detect Reflected XSS and/or SQL Injection vulnerabilities.
- The ability to scan multiple URLs at once (using either a crawler/spider feature, URL/Log file parsing feature or a built-in proxy).
- The ability to control and limit the scan to internal or external host (domain/IP).
The testing procedure of all the tools included the following phases:
· The scanners were all tested against the latest version of WAVSEP (v1.0.3), a benchmarking platform designed to assess the detection accuracy of web application scanners. The purpose of WAVSEP’s test cases is to provide a scale for understanding which detection barriers each scanning tool can bypass, and which vulnerability variations can be detected by each tool. The various scanners were tested against the following test cases (GET and POST attack vectors):
  - 66 test cases that were vulnerable to Reflected Cross Site Scripting attacks.
  - 80 test cases that contained Error Disclosing SQL Injection exposures.
  - 46 test cases that contained Blind SQL Injection exposures.
  - 10 test cases that were vulnerable to Time Based SQL Injection attacks.
  - 7 different categories of false positive RXSS vulnerabilities.
  - 10 different categories of false positive SQLi vulnerabilities.
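To make the scoring idea behind a WAVSEP-style benchmark concrete, here is a small scoring harness, added as an illustration and not code from the original post, the benchmark author or the WAVSEP project. It assumes a ground-truth table of test cases per category (vulnerable cases and "false positive" cases that only look vulnerable) and a report of which cases each scanner flagged; the case names, categories and scanner reports below are constructed for the example and do not reproduce WAVSEP's real layout. It computes, per category and overall, the detection rate (share of truly vulnerable cases a tool flagged) and the false-positive rate (share of clean cases it wrongly flagged), which is exactly the pair of numbers the comparison tables in such a benchmark rank tools by.

```python
"""Scoring a scanner run the way a WAVSEP-style benchmark does.

Added example; not code from the original post or from the WAVSEP project.
The ground-truth table and the scanner reports are constructed for
illustration only.
"""
from collections import defaultdict

# Constructed ground truth: (category, case id) -> truly vulnerable?
# A False entry is a "false positive" test case: it looks vulnerable but is not.
GROUND_TRUTH = {
    ("RXSS", "Case01"): True,
    ("RXSS", "Case02"): True,
    ("RXSS", "Case03"): True,
    ("RXSS", "FP01"): False,
    ("SQLi-Error", "Case01"): True,
    ("SQLi-Error", "Case02"): True,
    ("SQLi-Error", "FP01"): False,
    ("SQLi-Blind", "Case01"): True,
    ("SQLi-Blind", "Case02"): True,
    ("SQLi-Time", "Case01"): True,
    ("SQLi-Time", "FP01"): False,
}

# Constructed scanner reports: the set of cases each (hypothetical) tool flagged.
SCANNER_REPORTS = {
    "ScannerA": {
        ("RXSS", "Case01"), ("RXSS", "Case02"), ("RXSS", "FP01"),
        ("SQLi-Error", "Case01"), ("SQLi-Blind", "Case01"),
        ("SQLi-Time", "Case01"),
    },
    # ScannerB flags every vulnerable case and no clean one.
    "ScannerB": {case for case, vulnerable in GROUND_TRUTH.items() if vulnerable},
}


def score(ground_truth, flagged):
    """Per-category counts plus detection and false-positive rates.

    Cases the scanner flagged that are not in the ground truth are ignored:
    the benchmark only measures behaviour on its own test cases.
    A rate is None when the category has no case of that kind to measure.
    """
    per_cat = defaultdict(lambda: {"vulnerable": 0, "detected": 0,
                                   "clean": 0, "false_alarms": 0})
    for (cat, case), vulnerable in ground_truth.items():
        stats = per_cat[cat]
        hit = (cat, case) in flagged
        if vulnerable:
            stats["vulnerable"] += 1
            stats["detected"] += int(hit)
        else:
            stats["clean"] += 1
            stats["false_alarms"] += int(hit)
    for stats in per_cat.values():
        stats["detection_rate"] = (stats["detected"] / stats["vulnerable"]
                                   if stats["vulnerable"] else None)
        stats["false_positive_rate"] = (stats["false_alarms"] / stats["clean"]
                                        if stats["clean"] else None)
    return dict(per_cat)


def summarize(ground_truth, reports):
    """Overall (detection_rate, false_positive_rate) per scanner, across all categories."""
    summary = {}
    for name, flagged in reports.items():
        cats = score(ground_truth, flagged)
        vulnerable = sum(s["vulnerable"] for s in cats.values())
        detected = sum(s["detected"] for s in cats.values())
        clean = sum(s["clean"] for s in cats.values())
        false_alarms = sum(s["false_alarms"] for s in cats.values())
        summary[name] = (detected / vulnerable if vulnerable else None,
                         false_alarms / clean if clean else None)
    return summary


if __name__ == "__main__":
    for name, (det, fpr) in summarize(GROUND_TRUTH, SCANNER_REPORTS).items():
        print(f"{name}: detection={det:.2f} false_positive_rate={fpr:.2f}")
    for cat, stats in score(GROUND_TRUTH, SCANNER_REPORTS["ScannerA"]).items():
        print(f"  ScannerA {cat}: {stats}")
```

The separation into per-category figures matters: a tool can score well on error-disclosing SQL injection and still miss most blind or time-based cases, and a high detection rate is only meaningful next to the false-positive rate measured on the deliberately clean cases.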
He split the whole post into more than 30 topics; just look:
Highly recommended reading for anyone working in information security, penetration testing and web applications.