Overview
A web application security scanner facilitates the automated review of a web application with the express purpose of discovering security vulnerabilities, and its use is required for compliance with various regulatory requirements. Web application scanners can look for a wide variety of vulnerabilities, including:
- Input/output validation (cross-site scripting, SQL injection, etc.)
- Specific application problems
- Server configuration mistakes/errors/version
In a copyrighted report published in March 2012 by security vendor Cenzic, the most common application vulnerabilities in recently tested applications include:
- Cross Site Scripting, 37%
- SQL Injection, 16%
- Path Disclosure, 5%
- Denial of Service, 5%
- Code Execution, 4%
- Memory Corruption, 4%
- Cross Site Request Forgery, 4%
- Information Disclosure, 3%
- Arbitrary File, 3%
- Local File Include, 2%
- Remote File Include, 1%
- Overflow, 1%
- Other, 15%
The Web Application Security Consortium provides a list of free and commercially available scanners here: http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List