🗿 Ali
Not yet. I worked on a scanner project for 3 years and discovered some common issues in web application security scanners. All of them have same problems by design. Based on my researches and ideas I started to make the framework ;)
🦅 Simo
if it's not a huge secret, what's the common problem with the scanners? Out of interest since I also do work in the cybersecurity product domain, but on the detection side.
🗿 Ali
1. A global predefined and fixed config for any thing. e.g. global parameter variation limit. for example max to be 50 for "p=1234" and "p=settings.php" 2. Missing differential analysis on captured pages and results. 3. Missing ML feature-based analysis. 4. They think all of paths as file/dir and not file/dir and function/mounted route. Tell about your works.
🦅 Simo
Interesting, although I know too little of the scanner space to comment anything intelligent. I run a company with a network detection product using the deception method (i.e. fancy honeypots), you can check some specs out at avesnetsec.com