Web Application Security Scanners (or Web Application Vulnerability Scanners) are tools designed to automatically scan web applications for vulnerabilities. These tools work as black-box analyzer; meaning that, unlike Source Code Scanners, they don't access the source code and then, need to detect the vulnerabilities by performing attacks.

The web application security scanner is not a perfect tool, it has strength and weaknesses.

• Weaknesses
  • Because the tool is implementing a dynamic testing method, cannot cover 100%

• Acunetix WVS by Acunetix
• AppScan by Watchfire, Inc.
• Hailstorm by Cenzic
• N-Stealth by N-Stalker
• NTOSpider by NTObjectives
• WebInspect by SPI Dynamics
• WebKing by Parasoft

• Grabber by Romain Gaucher
• Pantera by Simon Roses Femerling (OWASP Project)
• Paros by Chinotec
• Spike Proxy by Immunity (Now as OWASP Pantera)
• TestMaker by Pushtotest
• W3AF by Andres Riancho
• Wapiti by Nicolas Surribas
• WebScarab by Rogan Dawes of Aspect Security (OWASP Project)