Performance-Based Comparative Assessment of Open Source Web Vulnerability Scanners

<table class="table-group" id="tab5"><tr><td><table class="table"><tr><td class="thead-hr" colspan="11"><hr/></td></tr><tr class="thead"><td class="align_left">Scanner </td><td class="align_center"> Version </td><td class="align_center"> TPR </td><td class="align_center"> TNR</td><td class="align_center"> FPR </td><td class="align_center"> FNR</td><td class="align_center"> PPV </td><td class="align_center"> NPV</td><td class="align_center"> FOR </td><td class="align_center"> Accuracy </td><td class="align_center"><svg height="8.68572pt" id="M4" style="vertical-align:-0.0498209pt" version="1.1" viewbox="-0.0498162 -8.6359 8.02022 8.68572" width="8.02022pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M584 650H137L131 622C214 614 217 612 200 521L125 127C109 41 101 35 23 28L17 0H288L294 28C201 35 193 42 209 128L242 309H348C440 309 442 300 443 226H471L510 422H482C452 354 449 348 357 348H251L295 575C302 609 304 615 338 615H426C502 615 517 604 526 581C534 560 536 524 537 492L565 494C574 554 583 631 584 650Z" id="g113-71"></path><glyph.data ascent="3473" descent="-2876" horiz-adv-x="607" vert-adv-y="607"></glyph.data></g></svg>-measure </td></tr><tr><td class="thead-hr" colspan="11"><hr/></td></tr><tr><td class="align_left">Arachni</td><td class="align_center"> 0.4.3</td><td class="align_center"> 99.26%</td><td class="align_center"> 80%</td><td class="align_center"> 20%</td><td class="align_center"> 0.74%</td><td class="align_center"> 98.53%</td><td class="align_center"> 88.89%</td><td class="align_center"> 11.11%</td><td class="align_center"> 97.93%</td><td class="align_center"> 98.89%</td></tr><tr><td class="align_left">Arachni</td><td class="align_center"> 1.0.2</td><td class="align_center"> 100%</td><td class="align_center"> 100%</td><td class="align_center"> 0%</td><td class="align_center"> 0%</td><td class="align_center"> 100%</td><td class="align_center"> 100%</td><td class="align_center"> 0%</td><td class="align_center"> 100%</td><td class="align_center"> 100%</td></tr><tr><td class="align_left">Wapiti</td><td class="align_center"> 2.3.0</td><td class="align_center"> 97.04%</td><td class="align_center"> 80%</td><td class="align_center"> 20%</td><td class="align_center"> 2.96%</td><td class="align_center"> 98.50%</td><td class="align_center"> 66.67%</td><td class="align_center"> 33.33%</td><td class="align_center"> 95.86%</td><td class="align_center"> 97.76%</td></tr><tr><td class="align_left">Skipfish</td><td class="align_center"> 2.1</td><td class="align_center"> 77.04%</td><td class="align_center"> 100%</td><td class="align_center"> 0%</td><td class="align_center"> 22.96%</td><td class="align_center"> 100%</td><td class="align_center"> 24.39%</td><td class="align_center"> 75.61%</td><td class="align_center"> 78.62%</td><td class="align_center"> 87.03%</td></tr><tr class="table-tr"><td colspan="11"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

Scanners’ detection accuracy of SQL attacks.

Security and Communication Networks

tab5

Table 5

Table 5: Performance-Based Comparative Assessment of Open Source Web Vulnerability Scanners 