Whitepaper: HackMiami Web Application Scanner 2013 PwnOff
An Analysis of Automated Web Application Scanning Suites
Presented by: James Ball, Alexander Heid, and Rod Soto
This document is an analysis of the performance of five common web application scanners, which were put against three different types of web applications. The document will provide as an evaluation of the web application scanner suites from application to the completion of the scan, and will rate the suites on multiple criteria. The Web Application PwnOff was a live event that took place at the HackMiami 2013 Hackers Conference in Miami Beach Florida. There were three target web applications, one PHP based, one JSP based and one .NET based. The scans consisted of a single pre-authentication scan, and a single post-authentication scan against each user level.