HackMiami Releases Results of Web Application Security Scanner ‘2013 Pwn-Off - PenTest Shootout’

Share Article

Hackers watched in awe as industry’s top attack tools were pitted against each other in a no holds barred competitive hacking cage match at the HackMiami 2013 Hackers Conference.

HackMiami.org - South Florida's Original Hackerspace

HackMiami.org - South Florida's Original Hackerspace

“The competitive nature of the event ensures the showroom nature of corporate conferences is not present, as all participants are truly interested in learning new concepts and making existing concepts better.” said Alexander Heid, president of HackMiami

HackMiami researchers have released a comprehensive whitepaper that detail the results of the 2013 Pwn-Off Pen-Test Tools Shootout that took place on Miami Beach during the HackMiami 2013 Hackers Conference. The white paper compares an array of automated vulnerability assessment products that were put up against targets set up by independent third parties.

The goal of the event was to bring forward discussion about the most efficient use of automated attack tools for conducting enterprise wide vulnerability assessments. Hackers and information security professionals gathered to observe some of the top offensive security automated attack suites of the do battle with each other against exploitable targets.

The HackMiami 2013 Pwn-Off contest featured both network penetration testing scanners and web application security scanners. The event was a followup to the 2010 HackMiami PwnOff, which had the goal of identifying which suites are able to discovered the most exploitable vulnerabilities in predetermined targets with the least amount of human intervention.

The targets were set up by independent third party information security consultants, all of whom have a legitimate interest in identifying the advantages and shortcomings of these suites. Several of the targets originated from the notorious Kommand && Kontroll CTF, renowned as the most realistic and challenging hacking tournament to date. The provided targets included vulnerable web applications with SQL injection points, Cross Site Scripting (XSS) vulnerabilities, and other exploitable attack vectors at varying degrees of obfuscation.

In spite of the challenging criteria, all vendor participants were confident and eager to showcase their product. Participants in the HackMiami 2013 PwnOff Pen-Test Shootout were selected due to their products being considered industry standards within the field of enterprise web application vulnerability assessments.

Participants included Acunetix, IBM Rational AppScan, NTObecjtive NTO Spider, Portswigger Burp, and Rapid 7 Nexpose with Metasploit. Some participants provided license keys and technical support, while others had representatives on site.

“Oftentimes, cost prohibitive licensing combined with restrictive terms of use makes it difficult to truly assess the pros and cons of web application vulnerability assessment products, or any proprietary security product for that matter. This contest provides a way for vendors to showcase the benefits of their products directly to their target market in an independent environment,” stated Alexander Heid, president of HackMiami and conference co-organizer. “The competitive nature of the event combined with the real hacker atmosphere ensures the showroom nature of corporate conferences is not present, as all participants are truly interested in learning new concepts and making existing concepts better.”


The annual HackMiami Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference showcases cutting edge hacking tools, techniques, and methodologies that are at the forefront of the global threat landscape.

This unique hacking conference features three days of multiple tracks, comprehensive all day training courses, competitive tournaments, and informational events. The next HackMiami 2014 Hackers Conference is scheduled to take place May 9 - 11, 2014 on Miami Beach, Florida. More information is available at http://www.hackmiami.com


HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of information technology and security.

HackMiami seeks to develop and harness the participation of the information security community through regular events, presentations, labs and competitions.

These events allow the hacker community a forum to present their research, develop new techniques and methodologies, and at the same time provides valuable a networking resource for contracting opportunities.

Visit the official HackMiami website at http://www.hackmiami.org

Download the HackMiami 2013 PwnOff PDF here - http://hackmiami.org/whitepapers/HackMiami2013PwnOff.pdf

Share article on social media or email:

View article via:

Pdf Print

Contact Author

HackMiami Information Desk
Follow us on
Visit website