This is a web scanner I bought for my iPhone as somewhat of a novelty. Being a web security evangelist, it seemed like a fun thing to have. On a whim I decided to include it in my tests against the open source scanners and to my surprise it held its own! Read below for more details. This is an iPhone app you can get from the iTunes App Store for $15. While it will likely never be your go-to pen testing tool, it’s a fun little app and, it turns out, has some chops.
If you want a portable scanner for your handheld this is it. For this purpose it is excellent.
If you’re looking for an enterprise scanner then an iPhone app is certainly not going to meet your needs. Probably the biggest limitation of the app is the inability to do an authenticated scan. There is also no saving sessions. Lastly, scanning a large site can eventually crash the app.
True Positives: * * * * *
Finding vulnerabilities is where this little app pleasantly surprised me. While it couldn’t fully keep up with the full scanning applications, it did surprisingly well.
Reporting Capability: * * * * *
WebSecurify for iOS reporting is limited to a simple ASCII email export. In spite of this limitation, the report itself is actually very good. Click here for an example of a scan of the Hackazon test site.
Test-over-test Consistency: * * * * *
WebSecurify was very strong in test-over-test consistency. It had identical scan results each time.