During the HackMiami 2013 Hacker Conference held in Miami Beach, a live Web Application Scanner PwnOff contest pitted common web scanning suites against each other. Participants included Acunetix, IBM Rational AppScan, NT OBJECTives NTOSpider, PortSwigger Burp, and Rapid7 Nexpose with Metasploit.
In a head-to-head battle, each of the automated web application scanning suites went up against PHP, JSP, and .NET web applications specifically created for hacking tournaments to simulate realistic and challenging situations. The competition tried to exploit SQLi and XSS vulnerabilities as well as other common web vulnerabilities. The winner of the contest was determined by 4 different metrics: Ease of Interface, Vulnerability Detection, Reporting, and Overall Value. You can view the results from the contest in their comprehensive whitepaper. The Nexpose web application scanner received 19.8 out of a possible 20 points. Let me repeat that, 19.8 out of 20. That's almost a perfect score. A big shout out goes to our Nexpose development team for all their great work, and we'll see you next year in Miami!
"Nexpose has a comprehensive knowledgebase and a great engine for detecting vulnerabilities."