Research Article

Performance-Based Comparative Assessment of Open Source Web Vulnerability Scanners

Table 1

Web vulnerability scanners’ comparison: scanners’ selection and evaluation criteria.

Scanners’ selection criteria
 Scanning speed
 Visualization features
 Scanning scope
 Export file formats
 Supported operating systems
 Consistency with other scanners
 Supported programming languages
 Availability of web-based GUI
Scanners’ evaluation criteria
 Performance
  Quantitative measures
   True positive rate (TPR)
   True negative rate (TNR)
   False positive rate (FPR)
   False negative rate (FNR)
   Positive predictive values (PPVs)
   Negative predictive values (NPVs)
   False omission rate (FOR)
   Accuracy
   -measure
  Scanning speed
  Crawler coverage
  Vulnerability detection accuracy
 Features
  Visualization features
  Reporting features
  Ease of configuration
  Types of vulnerabilities that can be detected
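Every quantitative measure in the table is a ratio of the four confusion-matrix cells (TP, FN, FP, TN) obtained by scoring a scanner's findings against a labelled test application. The following Python is an added example, not code from the paper or from any of the scanners it assesses: the scanner names, the seeded vulnerability identifiers, the benign injection points and the reported findings are all constructed, and the F-measure is taken to be F1 (harmonic mean of PPV and TPR), which is an assumption.

```python
"""Confusion-matrix metrics for comparing web vulnerability scanners.

Added example (not from the paper). A scanner run is scored against a
labelled test application: a set of seeded vulnerabilities (positives) and a
set of benign injection points (negatives). Each metric in the table is
derived from the four confusion-matrix cells.
"""
from typing import Dict, List, Optional, Set

# Constructed ground truth for a hypothetical test application.
SEEDED_VULNS: Set[str] = {"xss-1", "xss-2", "sqli-1", "sqli-2", "lfi-1"}
BENIGN_POINTS: Set[str] = {"form-a", "form-b", "form-c", "search-d", "login-e"}

# Constructed findings reported by three hypothetical scanners.
SCANNER_REPORTS: Dict[str, Set[str]] = {
    "scanner-A": {"xss-1", "xss-2", "sqli-1", "form-a"},
    "scanner-B": {"xss-1", "sqli-1", "sqli-2", "lfi-1", "form-b", "form-c"},
    "scanner-C": set(),  # reports nothing: the degenerate case
}


def confusion_matrix(reported: Set[str], positives: Set[str],
                     negatives: Set[str]) -> Dict[str, int]:
    """Count TP/FN/FP/TN for one scanner.

    Findings outside both labelled sets are ignored: they cannot be scored
    without a label, which is why the negative set must be defined explicitly.
    """
    return {
        "TP": len(reported & positives),
        "FN": len(positives - reported),
        "FP": len(reported & negatives),
        "TN": len(negatives - reported),
    }


def _ratio(num: int, den: int) -> Optional[float]:
    """Return num/den, or None when the denominator is zero (metric undefined)."""
    return num / den if den else None


def scanner_metrics(cm: Dict[str, int]) -> Dict[str, Optional[float]]:
    """Derive the table's quantitative measures from one confusion matrix."""
    tp, fn, fp, tn = cm["TP"], cm["FN"], cm["FP"], cm["TN"]
    return {
        "TPR": _ratio(tp, tp + fn),  # sensitivity / recall
        "TNR": _ratio(tn, tn + fp),  # specificity
        "FPR": _ratio(fp, fp + tn),  # 1 - TNR
        "FNR": _ratio(fn, fn + tp),  # 1 - TPR
        "PPV": _ratio(tp, tp + fp),  # precision
        "NPV": _ratio(tn, tn + fn),
        "FOR": _ratio(fn, fn + tn),  # 1 - NPV
        "Accuracy": _ratio(tp + tn, tp + tn + fp + fn),
        # F1 written as 2TP/(2TP+FP+FN) so it stays defined when PPV is not;
        # assumed here to be the table's F-measure.
        "F1": _ratio(2 * tp, 2 * tp + fp + fn),
    }


def evaluate_all(reports: Dict[str, Set[str]] = SCANNER_REPORTS,
                 positives: Set[str] = SEEDED_VULNS,
                 negatives: Set[str] = BENIGN_POINTS) -> Dict[str, Dict[str, Optional[float]]]:
    """Score every scanner against the same labelled application."""
    return {name: scanner_metrics(confusion_matrix(found, positives, negatives))
            for name, found in reports.items()}


def rank_by(metric: str, results: Dict[str, Dict[str, Optional[float]]]) -> List[str]:
    """Scanner names ordered best-first on one metric; undefined values rank last."""
    return sorted(results, key=lambda n: (results[n][metric] is None,
                                          -(results[n][metric] or 0.0)))


if __name__ == "__main__":
    results = evaluate_all()
    cols = ["TPR", "TNR", "FPR", "FNR", "PPV", "NPV", "FOR", "Accuracy", "F1"]
    print("scanner    " + " ".join(f"{c:>8}" for c in cols))
    for name, m in results.items():
        cells = ["     n/a" if m[c] is None else f"{m[c]:8.3f}" for c in cols]
        print(f"{name:10} " + " ".join(cells))
    print("ranking by F1: ", rank_by("F1", results))
    print("ranking by TNR:", rank_by("TNR", results))
```

Two points the table's criteria imply but do not spell out are visible in the output. First, TN (and so TNR, NPV, FOR and Accuracy) only exists once the evaluator has labelled a set of negatives; a benchmark that lists only seeded vulnerabilities can report TPR and FNR but nothing else. Second, a scanner that reports nothing scores a perfect TNR and FPR while its PPV is undefined, so ranking on any single column misleads and the comparison needs a combined measure such as F1 alongside the per-cell rates.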