HackMiami Web Application PwnOff 2013

Whitepaper: HackMiami Web Application Scanner 2013 PwnOff

An Analysis of Automated Web Application Scanning Suites
Presented by: James Ball, Alexander Heid, and Rod Soto

P0wn off 2013This document is an analysis of the performance of five common web application scanners, which were put against three different types of web applications. The document will provide as an evaluation of the web application scanner suites from application to the completion of the scan, and will rate the suites on multiple criteria. The Web Application PwnOff was a live event that took place at the HackMiami 2013 Hackers Conference in Miami Beach Florida. There were three target web applications, one PHP based, one JSP based and one .NET based. open_pdf The scans consisted of a single pre-authentication scan, and a single post-authentication scan against each user level.