Here at Invicti we are obsessed with the vulnerability detection rate of our Web Application Security Scanner. We want all Invicti users to be able to uncover all possible web application vulnerabilities and fix them before malicious attackers have a chance to exploit them.
As a matter of fact, over the years Invicti has always ranked very high in several web vulnerability scanner benchmarks. To achieve such a good vulnerability detection rate, we constantly scan a number of test web applications with Invicti, most of which are open source projects that are available to the public and used by organizations as we speak.
Using the results from these tests, last year we published an infographic about the current state of web application security. From these statistics, one can draw two conclusions:
First: No wonder web applications and websites are being hacked every day. Netsparker identified 181 unique vulnerabilities in 127 web applications.
Second: Encouragingly for us, Netsparker is continuously identifying vulnerabilities in all sorts of web applications, independent of the framework or language they are built with.
When possible, we release an advisory for the detected vulnerabilities. Last year we released 17 advisories covering multiple critical web application vulnerabilities detected with Netsparker, most of which are cross-site scripting, SQL injection and local file inclusion vulnerabilities. Fast forward to the end of January this year, and we have already published the following 4 advisories:
- NS-14-004: Critical XSS Vulnerabilities in UseBB
- NS-14-003: Critical XSS Vulnerabilities in Flat Nuke
- NS-14-002: Critical XSS Vulnerabilities in Maian Weblog
- NS-14-001: Critical Blind SQL Injection Vulnerability in Pragyan CMS
Identify More Vulnerabilities with Invicti
In just 3 years and 1 month, we published 47 advisories. In reality the scanner identified many more vulnerabilities, but it is not always possible to disclose the vulnerability details and publish an advisory. Are you sure your current web vulnerability scanner uncovers all vulnerabilities? Try Invicti now to see if it can uncover more web application vulnerabilities than your existing solutions.