Acunetix WVS automatically checks your web applications for SQL Injection, XSS other web vulnerabilities.

Paros is a security tool for web application vulnerability assessment. All HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

Burp suite is an integrated platform for attacking web applications. It contains all of the burp tools (proxy, spider, intruder and repeater) with numerous interfaces between them designed to facilitate and speed up the process of attacking a web applicat

This is a new open source tool to do static analysis of PHP code for security exploits.

CodeScan is the world's leading automatic tool for web source code vulnerability assessment and remediation. CodeScan rates and identifies the strength of your web applications and identifies issues that can result in vulnerabilities.

Hogwash is an intrusion detection system(IDS)/packet scrubber. It can detect attacks on your network, and if you want, filter 95% of them out.

Wfuzz is a tool designed for bruteforcing Web Applications. It can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking for injection (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing, etc.

With an innovative approach and flexible architecture, Cenzic Hailstorm is a powerful application vulnerability management tool that automates penetration testing for your web applications.

WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria. The resulting framework can be used to evaluat

Chorizo! is a proxy that allows you to scan your web sites and applications for common security vulnerabilities.