If you're planning on scanning all of your web apps at scale, you probably want to know what you can find and what you'll miss.<p>As for competitors, I think there is WavSep but I'm not sure how suitable it is for Yahoo's use case (it looks like an overgrown J2EE app). People involved in that project infrequently rank scanners on their blog:<p>* <a href="https://code.google.com/p/wavsep/" rel="nofollow">https://code.google.com/p/wavsep/</a><p>* <a href="http://sectooladdict.blogspot.ro/2014/02/wavsep-web-application-scanner.html" rel="nofollow">http://sectooladdict.blogspot.ro/2014/02/wavsep-web-applicat...</a><p>I have the feeling that the Yahoo bug bounties are about to get a whole lot harder to claim.
This can't be because the most advanced unit in the entire United States Military reminded the world that, last month, they <i>already</i> played the trump card can it?<p><a href="http://www.army.mil/article/141734/Army_cyber_defenders_open_source_code_in_new_GitHub_project/" rel="nofollow">http://www.army.mil/article/141734/Army_cyber_defenders_open...</a><p>Nah; that must be a coincidence. After all, why would somebody after the US Military try to convince people that their security was better? Do you honestly think Yahoo has better stuff than the Tony Stark of the armed forces?<p>Please. Let's see, Ycombinator's got some ex-Yahoo's as alumni, I'm sure they'll chime in and disagree with me any moment. Yep yep. Bring it.