Recently, in October 2007, Larry Suto released a case study analyzing several web application scanners. Upon reading it, I disregarded the findings, as little to no information was revealed about application and scanner configuration.

I complained that I could not trust the results because the configurations were not provided. I was surprised to speak with people who took it at face value, lemmings. Thankfully, Jeff Forristal of HP (SPI Dynamics) released his own analysis of WebInspect’s performance by reproducing Larry’s test based on the information published.

By reading both, you will see why more detail is better. You can find Larry’s here and Jeff’s here.