Checks Comparison
Community | Code | Dynamic | Hybrid | |
Vulnerability Categories Covered | 40 Limited checks | 47+ 700+ checks | 74+ 570+ injection checks | 121+ 1.500+ checks |
Hybrid Checks | ![]() | ![]() | ![]() | ![]() |
Pen-Tester Extra Checks | ![]() | ![]() | ![]() | ![]() |
Authentication Vulnerabilities | ![]() | ![]() | ![]() | ![]() |
Broken Authentication | ![]() | ![]() | ![]() | ![]() |
Brute Force Checks (Form & HTTP) | ![]() | ![]() | ![]() | ![]() |
Password Disclosure | ![]() | ![]() | ![]() | ![]() |
Unencrypted Login | ![]() | ![]() | ![]() | ![]() |
Weak Password Hashing | ![]() | ![]() | ![]() | ![]() |
Breach Confirmation | ![]() | ![]() | ![]() | ![]() |
Backdoor Detection (Web-Based) | ![]() | ![]() | ![]() | ![]() |
Hidden Debug Parameters | ![]() | ![]() | ![]() | ![]() |
Inappropriate Content Detection | ![]() | ![]() | ![]() | ![]() |
Malicious Content Detection | ![]() | ![]() | ![]() | ![]() |
Command Execution | ![]() | ![]() | ![]() | ![]() |
Cross-Site Scripting (XSS) | ![]() | ![]() | ![]() | ![]() |
Filter Evasion/Weak Validation | ![]() | ![]() | ![]() | ![]() |
HTML5 Specific XSS | ![]() | ![]() | ![]() | ![]() |
File Inclusion | ![]() | ![]() | ![]() | ![]() |
Local File Inclusion | ![]() | ![]() | ![]() | ![]() |
Remote File Inclusion | ![]() | ![]() | ![]() | ![]() |
NoSQL Injection | ![]() | ![]() | ![]() | ![]() |
MongoDB | ![]() | ![]() | ![]() | ![]() |
SQL Injection | ![]() | ![]() | ![]() | ![]() |
Access | ![]() | ![]() | ![]() | ![]() |
DB2 | ![]() | ![]() | ![]() | ![]() |
dbx | ![]() | ![]() | ![]() | ![]() |
Firebird/InterBase | ![]() | ![]() | ![]() | ![]() |
FrontBase | ![]() | ![]() | ![]() | ![]() |
Informix | ![]() | ![]() | ![]() | ![]() |
Ingres | ![]() | ![]() | ![]() | ![]() |
MaxDB | ![]() | ![]() | ![]() | ![]() |
mSQL | ![]() | ![]() | ![]() | ![]() |
MySQL | ![]() | ![]() | ![]() | ![]() |
Oracle | ![]() | ![]() | ![]() | ![]() |
Ovrimos | ![]() | ![]() | ![]() | ![]() |
PostgreSQL | ![]() | ![]() | ![]() | ![]() |
SQL Server | ![]() | ![]() | ![]() | ![]() |
SQLite | ![]() | ![]() | ![]() | ![]() |
Swish | ![]() | ![]() | ![]() | ![]() |
Sybase | ![]() | ![]() | ![]() | ![]() |
Others | ![]() | ![]() | ![]() | ![]() |
Unvalidated Redirects | ![]() | ![]() | ![]() | ![]() |
Arbitrary File Manipulation | ![]() | ![]() | ![]() | ![]() |
Code Injection | ![]() | ![]() | ![]() | ![]() |
ASP Classic | ![]() | ![]() | ![]() | ![]() |
ASP.NET | ![]() | ![]() | ![]() | ![]() |
Java/JSP | ![]() | ![]() | ![]() | ![]() |
Lua (Nginx, Apache, CGI-Lua, etc) | ![]() | ![]() | ![]() | ![]() |
Perl | ![]() | ![]() | ![]() | ![]() |
PHP | ![]() | ![]() | ![]() | ![]() |
Python | ![]() | ![]() | ![]() | ![]() |
Ruby | ![]() | ![]() | ![]() | ![]() |
Server-Side JavaScript | ![]() | ![]() | ![]() | ![]() |
Cookie Manipulation | ![]() | ![]() | ![]() | ![]() |
Common Exposures | ![]() | ![]() | ![]() | ![]() |
Dangerous Methods | ![]() | ![]() | ![]() | ![]() |
Default Content | ![]() | ![]() | ![]() | ![]() |
Internal IP Address Disclosure | ![]() | ![]() | ![]() | ![]() |
Common Form Weaknesses | ![]() | ![]() | ![]() | ![]() |
AutoComplete Enabled | ![]() | ![]() | ![]() | ![]() |
Email Form Hijacking | ![]() | ![]() | ![]() | ![]() |
Hidden Price Form Field | ![]() | ![]() | ![]() | ![]() |
CRLF Injection | ![]() | ![]() | ![]() | ![]() |
Cross Frame Scripting | ![]() | ![]() | ![]() | ![]() |
Default Account | ![]() | ![]() | ![]() | ![]() |
Denial-of-Service | ![]() | ![]() | ![]() | ![]() |
Buffer Overflow | ![]() | ![]() | ![]() | ![]() |
Client-Side Denial-of-Service | ![]() | ![]() | ![]() | ![]() |
Directory Listing | ![]() | ![]() | ![]() | ![]() |
Directory Traversal | ![]() | ![]() | ![]() | ![]() |
Expression Language Injection | ![]() | ![]() | ![]() | ![]() |
Extension Checking (Double & Common) | ![]() | ![]() | ![]() | ![]() |
HTTP Header Injection | ![]() | ![]() | ![]() | ![]() |
HTTP Response Splitting | ![]() | ![]() | ![]() | ![]() |
Information Disclosure | ![]() | ![]() | ![]() | ![]() |
LDAP Injection | ![]() | ![]() | ![]() | ![]() |
Old/Backup Files | ![]() | ![]() | ![]() | ![]() |
Common Backup Files | ![]() | ![]() | ![]() | ![]() |
Common Backup Folders | ![]() | ![]() | ![]() | ![]() |
Log Forging | ![]() | ![]() | ![]() | ![]() |
Path Disclosure | ![]() | ![]() | ![]() | ![]() |
Server-Side Includes Injection | ![]() | ![]() | ![]() | ![]() |
Server-Side Request Forgery | ![]() | ![]() | ![]() | ![]() |
Server-Specific Vulnerabilities | ![]() | ![]() | ![]() | ![]() |
IIS, iPlanet & Others | ![]() | ![]() | ![]() | ![]() |
Source Code Disclosure | ![]() | ![]() | ![]() | ![]() |
ASP Classic | ![]() | ![]() | ![]() | ![]() |
ASP.NET | ![]() | ![]() | ![]() | ![]() |
Java/JSP | ![]() | ![]() | ![]() | ![]() |
Lua | ![]() | ![]() | ![]() | ![]() |
Perl | ![]() | ![]() | ![]() | ![]() |
PHP | ![]() | ![]() | ![]() | ![]() |
SSI | ![]() | ![]() | ![]() | ![]() |
Structure Brute Force Checks | ![]() | ![]() | ![]() | ![]() |
Admin Pages | ![]() | ![]() | ![]() | ![]() |
Common Files | ![]() | ![]() | ![]() | ![]() |
Common Vulnerable Scripts | ![]() | ![]() | ![]() | ![]() |
Database Disclosure | ![]() | ![]() | ![]() | ![]() |
Suspicious HTML Comments | ![]() | ![]() | ![]() | ![]() |
XML Injection | ![]() | ![]() | ![]() | ![]() |
XML External Entity (XXE) Injection | ![]() | ![]() | ![]() | ![]() |
XPath Injection | ![]() | ![]() | ![]() | ![]() |
Web Technology Disclosure | ![]() | ![]() | ![]() | ![]() |
Key Areas Identification (in source code) | ![]() | ![]() | ![]() | ![]() |