An Analysis of Automated Web Application Scanning Suites
This document is an analysis of the performance of five common web application scanners, which were run against three different types of web applications. The document provides an evaluation of the web application scanner suites from installation to the completion of the scan, and rates the suites on multiple criteria.
Acunetix, AppScan, BURP, Nexpose & NTO Spider.
Study carried out by James Ball, Alexander Heid, Rod Soto : HackMiami
Overall Details Regarding Each Product
Of the products compared, AppScan is the most costly overall and Burp Proxy is the cheapest.
Ongoing, cyclical web application vulnerability assessments are a critical part of the software development lifecycle (SDLC) for any organization. The hurried release cycles of web applications and the scarce availability of skilled security engineers to conduct thorough manual assessments make the market for automated web application vulnerability scanner suites one that will continue to grow. As more products come to market, and more exploitable vulnerabilities are identified, the choices will continue to grow. The end consumer will almost always be faced with picking a product that meets their strictest requirement: the budget. In terms of overall value, it is the conclusion of the researchers conducting the HackMiami 2013 Hackers Conference PwnOff that Portswigger BURP and Rapid7 Nexpose/Metasploit Pro currently provide the most value to the independent security consultant in terms of discovered vulnerabilities, ease of use, licensing flexibility, and range of functionality.