Chirita Ionel
Application Security
OWASP Chapter board member
Wide coverage
Fast scans
Low number of false positives
Low number of false negatives
Scalability
Easy to use
Permanent vulnerability database updates
To be cheap !?
Hardware requirements & support
Protocol support
Authentication
Session management
Crawling
Data parsing
Testing
Command and control
Reporting
Thick client vs cloud
Transport support
  HTTP/1.0 & HTTP/1.1
  SSL/TLS
  HTTP keep-alive
  HTTP compression
  HTTP user agent configuration
Proxy support
  HTTP/1.0 & HTTP/1.1 proxy
  SOCKS4 proxy
  SOCKS5 proxy
  PAC file support
Basic
Digest
HTTP Negotiate – NTLM & Kerberos
HTML form-based
  Automated
  Scripted
  Non-automated
Single sign-on
Client SSL certificates
Other
Session management capabilities
  Start a new session
  Detect if the session is expired
  Reacquire the session token
Session management token type support
  HTTP cookies
  HTTP parameters
  HTTP URL path
Session token detection
Session token refresh policy
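The session-management capabilities listed above, shown as working code. This is an added example, not code from the presentation or from any scanner product: a constructed in-memory target application (FakeApp) issues a session id on login and lets it expire after a fixed number of requests, and a scanner-side SessionManager starts a session, detects expiry (redirect to the login URL or a login form in the body), reacquires the token once and retries, and can carry the token as a cookie, a query parameter or a URL path segment. The credentials, paths and the `/s/<token>/` path convention are assumptions made for the example.

```python
import itertools
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def cookie_value(cookie_header, name):
    """Return the value of cookie `name` from a Cookie/Set-Cookie header, or None."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


class FakeApp:
    """Constructed stand-in for a target: POST /login issues a session id that is
    valid for `ttl` requests; the id may arrive as a cookie, a `session` query
    parameter, or a /s/<token>/ path prefix (all three are assumptions)."""

    def __init__(self, ttl=3):
        self.ttl = ttl
        self.sessions = {}          # token -> requests remaining before expiry
        self.ids = itertools.count(1)
        self.logins = 0             # how many successful logins the target saw

    def token_from(self, url, headers):
        parts = urlsplit(url)
        segments = parts.path.split("/")
        if len(segments) > 2 and segments[1] == "s":   # /s/<token>/...
            return segments[2]
        query = parse_qs(parts.query)
        if "session" in query:
            return query["session"][0]
        return cookie_value(headers.get("Cookie", ""), "session")

    def handle(self, method, url, headers=None, data=None):
        headers = headers or {}
        data = data or {}
        path = urlsplit(url).path
        if method == "POST" and path == "/login":
            if data.get("user") == "scanner" and data.get("pass") == "s3cret":
                self.logins += 1
                token = f"sid{next(self.ids)}"
                self.sessions[token] = self.ttl
                return Response(302, {"Location": "/home",
                                      "Set-Cookie": f"session={token}; Path=/"}, "")
            return Response(200, {}, "<form action='/login'>invalid credentials</form>")
        token = self.token_from(url, headers)
        if token not in self.sessions:
            return Response(302, {"Location": "/login"}, "")   # expired or absent
        self.sessions[token] -= 1
        if self.sessions[token] == 0:
            del self.sessions[token]
        return Response(200, {}, f"<html>{path} ok</html>")


class SessionManager:
    """Scanner-side session handling: start, detect expiry, reacquire, place token."""

    def __init__(self, app, token_in="cookie", login_url="/login", creds=None):
        self.app, self.token_in, self.login_url = app, token_in, login_url
        self.creds = creds or {"user": "scanner", "pass": "s3cret"}
        self.token = None
        self.reacquisitions = 0

    def start(self):
        """Log in and detect the session token in the Set-Cookie header."""
        resp = self.app.handle("POST", self.login_url, data=self.creds)
        token = cookie_value(resp.headers.get("Set-Cookie", ""), "session")
        if resp.status != 302 or token is None:
            raise RuntimeError("login failed; no session token issued")
        self.token = token

    def is_expired(self, resp):
        """Expiry rule: redirect to the login URL, or a login form in the body."""
        location = urlsplit(resp.headers.get("Location", "")).path
        redirected = resp.status in (301, 302, 303) and location == self.login_url
        return redirected or "action='/login'" in resp.body

    def place_token(self, url):
        """Carry the token as a cookie, a query parameter or a path segment."""
        headers = {}
        if self.token_in == "cookie":
            headers["Cookie"] = f"session={self.token}"
        elif self.token_in == "param":
            url = f"{url}{'&' if '?' in url else '?'}{urlencode({'session': self.token})}"
        elif self.token_in == "path":
            url = f"/s/{self.token}{url}"
        return url, headers

    def get(self, url):
        if self.token is None:
            self.start()
        target, headers = self.place_token(url)
        resp = self.app.handle("GET", target, headers)
        if self.is_expired(resp):           # refresh policy: reacquire once, then retry
            self.reacquisitions += 1
            self.start()
            target, headers = self.place_token(url)
            resp = self.app.handle("GET", target, headers)
        return resp


def crawl(token_in="cookie", ttl=3, pages=5):
    """Fetch `pages` URLs; return (statuses, logins seen by target, reacquisitions)."""
    app = FakeApp(ttl=ttl)
    session = SessionManager(app, token_in=token_in)
    statuses = [session.get(f"/page{i}").status for i in range(pages)]
    return statuses, app.logins, session.reacquisitions


if __name__ == "__main__":
    for mode in ("cookie", "param", "path"):
        print(mode, crawl(mode))
```

With the default ttl of 3, five page requests all return 200 but the target sees two logins: the fourth request hits an expired session, the manager detects the redirect to /login, re-authenticates and retries transparently. A scanner that lacks this logic keeps crawling the login redirect and reports a clean application because it never saw the authenticated pages.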
Define the starting URL
Define additional hostnames or exclusions for specific criteria
Support automated form submission
Detect error pages and custom 404 pages
Redirect support
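Detecting custom 404 pages, as an added example that is not part of the presentation or of any scanner. Many applications answer a missing resource with status 200 and a branded "not found" page; a crawler that takes status codes at face value will index every such response as a real page. The usual approach, implemented here against a constructed fake site (the `fake_fetch` function and its pages are assumptions), is to request a few random paths that cannot exist, fingerprint the responses, and then classify crawled responses by status plus body similarity. The requested path and digits are masked before comparison so that per-request differences (echoed path, request ids) do not break the match.

```python
import difflib
import re
import secrets


def normalize(body, path):
    """Mask the echoed path, strip tags, collapse digits and whitespace."""
    body = body.replace(path, "{path}")
    body = re.sub(r"<[^>]+>", " ", body)
    body = re.sub(r"\d+", "0", body)
    return re.sub(r"\s+", " ", body).strip().lower()


class NotFoundFingerprint:
    """Learn what 'not found' looks like on a site by probing random paths."""

    def __init__(self, fetch, probes=3, threshold=0.9):
        self.fetch = fetch
        self.threshold = threshold
        self.samples = []
        for _ in range(probes):
            path = "/" + secrets.token_hex(8)      # cannot plausibly exist
            status, body = fetch(path)
            self.samples.append((status, normalize(body, path)))

    def is_not_found(self, status, body, path):
        if status == 404:
            return True                            # honest 404, nothing to learn
        candidate = normalize(body, path)
        for sample_status, sample_body in self.samples:
            if sample_status != status:
                continue
            ratio = difflib.SequenceMatcher(None, sample_body, candidate).ratio()
            if ratio >= self.threshold:
                return True                        # a 'soft 404' dressed as 200
        return False


# Constructed fake site: two real pages, a 404 under /admin, and a soft 404
# everywhere else (status 200, branded error page echoing the path).
SITE = {
    "/": "<html><h1>Shop</h1><p>Welcome to the shop</p><a href='/items'>items</a></html>",
    "/items": "<html><h1>Items</h1><ul><li>Item 1</li><li>Item 2</li></ul></html>",
}


def fake_fetch(path):
    if path in SITE:
        return 200, SITE[path]
    if path.startswith("/admin"):
        return 404, "<html><h1>404 Not Found</h1></html>"
    request_id = sum(map(ord, path)) % 10000
    return 200, (f"<html><h1>Oops</h1><p>Page {path} could not be found</p>"
                 f"<p>Request id {request_id}</p></html>")


def classify(fetch, paths):
    """Return {path: 'page' | 'missing'} for each crawled path."""
    fingerprint = NotFoundFingerprint(fetch)
    result = {}
    for path in paths:
        status, body = fetch(path)
        result[path] = "missing" if fingerprint.is_not_found(status, body, path) else "page"
    return result


if __name__ == "__main__":
    for path, verdict in classify(fake_fetch, ["/", "/items", "/admin/panel", "/does-not-exist"]).items():
        print(f"{path:20} {verdict}")
```

A scanner without this step would report /does-not-exist as a live page and would then "test" it, inflating the crawl and, for any checks that key on a 200 response, the false-positive count.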
HTML
JavaScript
VBScript
XML
Plain text
ActiveX objects
Flash
Schedule scans
Pause / resume
Real-time status of running scans
Run multiple scans simultaneously
GUI, CLI and web-based interface
Extensibility & interoperability
Executive summary
Technical detailed report
Delta reports
Compliance report
Customization
Report data file format
What do you mean by “best”? Or the cheapest?
By Larry Suto
… running each vendor's scanner against each of the vendor's test sites and comparing the results
By Chirita Ionel