Is there published research on the effectiveness of scanners?

Dr. Holger Peine of Fraunhofer IESE published a research report on the effectiveness of scanners in May 2006. The report is available for download here, but please note that it's in German :) His conclusion was that the best scanners found about 1 in 5 holes and that false positives were rampant. This is similar to anecdotal evidence we've been hearing for years. The report was discussed on the Webappsec mailing list.

At the OWASP Conference in 2005 in Washington DC, Arian Evans, a researcher with FishNet Security, gave a presentation comparing the different tools available. It's available for download here.

Jeremiah Grossman of WhiteHat Security gave a presentation at the Black Hat Security Conference in 2004 on the challenges of automated scanning. He should know, considering he wrote a scanner himself. The presentation is available here.

Robert Auger of CGISecurity wrote a good piece on Challenges faced by automated web application security assessment tools.

