Web Vulnerability Scanner Comparison

Remarks on the recent Web vulnerability scanner comparison by Larry Suto

Larry Suto has recently released a report comparing various Web vulnerability scanner products.  I’d like to thank Larry for his efforts and also point out that Cenzic encourages such comparisons, as they help users make more informed decisions.

That being said, some of Larry’s results sparked our interest and raised a few questions. As with any software product, results depend on how it’s configured and what assumptions are made. Our Hailstorm product is being used by hundreds of customers who are extremely pleased with the results while testing thousands of applications on a monthly basis. So we ran some of the tests ourselves against the same target applications in an effort to better understand all of Larry’s findings.

Cenzic is a product of its innovation and responsiveness to our customers’ needs. We’ve always been (and continue to be) highly committed to ongoing product improvements (where warranted), so we’re eager to learn as much from this report as possible. Interestingly enough, however, our own results were somewhat different than Larry’s findings. We’re currently in discussions with Larry to better understand how he configured the product and confirm his assumptions versus our own. Hopefully I’ll be able to provide an update on that soon.