Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. This tool automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies.
Running the Scanner
Initiating a scan with Websecurify is simple and is achieved in 2 steps.
- Create a workspace with the target’s URL
- Start the scan
Once the Scan is Complete
Once the scan is complete, the results are displayed, sorted by the severity of the vulnerabilities discovered. Clicking on a category displays the instances found and the technical details of the analysis.
Scan results can be rendered in a report format by clicking on the Report Tab and can be exported in CSV, HTM, XML and JSON formats.
Comments/Observations
- A scan was initiated for an average-sized application during the evaluation of Websecurify, and the following were identified:
- Memory consumption was increasing with time, but it's far better than many other free/commercial scanners
- Progress of the scan was normal till it reached almost 97% (in around 2 hrs), then it stayed at 97-98 and went back to 97 for a loooong time. So I had it running and checked it the next day.
- This tool doesn’t provide the statistics of the scan, like pages crawled, time consumed, etc.
- This tool has the simplest interface of all the other tools available in the market.











