|
* As a dynamic testing tool, it is not language dependent. A web application scanner is able to scan a JSP, PHP or whatever web application with the same engine.
== Some Instances ==
=== Commercial tools ===
* [http://www.acunetix.com Acunetix WVS] by Acunetix
* [http://watchfire.com/products/appscan/default.aspx AppScan] by Watchfire, Inc. (Purchased by [http://www-306.ibm.com/software/rational/welcome/watchfire/ IBM])
* [http://www.cenzic.com/products_services/cenzic_hailstorm.php Hailstorm] by Cenzic
* [http://nstalker.com/eng/products/nstealth/ N-Stealth/N-Stalker] by N-Stalker
* [http://www.ntobjectives.com/products/ntospider.php NTOSpider] by NTObjectives
* [http://www.spidynamics.com/products/webinspect/index.html WebInspect] by SPI Dynamics (Purchased by [http://www.hp.com/hpinfo/newsroom/press/2007/070619xb.html HP])
=== Free/OpenSource Tools ===
* [http://rgaucher.info/beta/grabber Grabber] by Romain Gaucher
* [http://www.nstalker.com/free-edition N-Stalker Free Edition] by N-Stalker
* [http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project Pantera] by Simon Roses Femerling (OWASP Project)
* [http://parosproxy.org/index.shtml Paros] by Chinotec
* [http://www.immunitysec.com/resources-freesoftware.shtml Spike Proxy] by Immunity (Now as OWASP Pantera)
* [http://www.pushtotest.com/Downloads/features.html TestMaker] by Pushtotest
* [http://w3af.sourceforge.net W3AF] by Andres Riancho
* [http://wapiti.sourceforge.net Wapiti] by Nicolas Surribas
* [http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project WebScarab] by Rogan Dawes of Aspect Security (OWASP Project)
== Web Application Vulnerabilities Scanner Evaluation Projects ==
| 