A web application vulnerability scanner, also known as a web application security scanner, is an automated security tool. It scans web applications for malware, vulnerabilities, and logical flaws. Web application vulnerability scanners use black-box tests: these tests do not require access to the source code and instead launch external attacks against the application to test for security vulnerabilities. These simulated attacks can detect path traversal, cross-site scripting (XSS), and command injection.
Web application vulnerability scanners are categorized as Dynamic Application Security Testing (DAST) tools. There are multiple commercial and open-source scanners available in the marketplace. Each is designed to automate security tasks, lower the cost of security, and increase security coverage. An example of a commercial web application vulnerability scanner is WhiteHat’s product Sentinel.