A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features: W3af has the features that you would expect from a application audit tool. I definitely see why we need to use tools like this one since, websites are very vulnerable to attack. However, without a skilled developer fixing the vulnerabilities which the tool is alerting us to then the tool is useless in helping secutity.

The link for this article located at Dark Reading is no longer available.