Web Application Security Scanners (or Web Application Vulnerability Scanners) are tools designed to automatically scan web applications for potential vulnerabilities. These tools differ from general vulnerability assessment tools in that they do not perform a broad range of checks on a myriad of software and hardware. Instead, they perform other checks, such as potential field manipulation and cookie poisoning, which allows a more focused assessment of web applications by exposing vulnerabilities of which standard VA tools are unaware.
Some Instances
Here is a list of known tools
Commercial tools
- Acunetix WVS by Acunetix
- AppScan DE by Watchfire, Inc.
- Hailstorm by Cenzic
- N-Stealth by N-Stalker
- NTOSpider by NTObjectives
- WebInspect by SPI Dynamics
- WebKing by Parasoft