Netsparker is an automated web application security scanner that helps organizations identify, analyze, and mitigate vulnerabilities in web applications and web services. It uses a combination of advanced vulnerability detection techniques, such as black-box scanning, automated and manual penetration testing, and source code analysis. Netsparker helps organizations audit the security of their web applications and services by scanning for common web vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Remote File Inclusion (RFI). It also checks for common security misconfigurations, such as weak passwords and default credentials. Netsparker also allows organizations to monitor the security of their web applications over time, as well as assess the security of their web applications during the development process. Netsparker can be used to validate the security of web applications before they go live, or to detect security issues that have been introduced in the past. Netsparker is available in several versions, including a cloud-based version and a desktop application. It also provides a REST API and supports integration with other security solutions, such as bug trackers and ticketing systems.
Skipfish is no longer maintained. The latest version, 2.10 beta, released in December 2012, can still be downloaded from Google Code Archive.
Websecurify has minimal configurability and shows numerous false negative results.
Acunetix
Burp Suite
Probe.ly
w3af
skipfish
IronWASP
HTTPCS Security
SecApps
Intruder
PatrolServer
Websecurify
Ammonite
Super talented team with over 20 years of experience in Infosec, a great developer-centric product.