Can anyone tell me why security scanners are required for web applications? How do they work, and what different scanners are available for scanning web applications?
A web application security scanner is a program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.
Nikto Web Scanner is a web server scanner that scans web applications for dangerous files/CGIs, outdated server software and other problems. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version-specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
Well, WebScarab and Nikto Web Scanner are both free web scanners.
If you want a commercial web application scanner, I can introduce you to Matrixay 3.0. It is a web application vulnerability scanner based on in-depth analysis of typical security vulnerabilities as well as popular attack techniques in B/S structure application systems.
Last edited by rupesh; 09-10-2009 at 04:30 PM. Reason: Link removed
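The black-box idea and the "outdated server software" check described in the thread can be illustrated with a passive check that sees only what the web front-end returns. This is an added example, not code from the thread or from Nikto; the `BASELINE` versions and the two sample responses are constructed for illustration.

```python
import re

# Constructed baseline (assumption): oldest version treated as current.
# Sample values for this example only, not real advisory data.
BASELINE = {"apache": (2, 4, 0), "nginx": (1, 20, 0)}

# Matches product/version tokens such as "Apache/2.2.3" in a banner.
BANNER_RE = re.compile(r"([A-Za-z][\w\-]*)/(\d+(?:\.\d+)*)")

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body

def banner_findings(raw: bytes):
    """Report version disclosure and outdated software from headers only."""
    _, headers, _ = parse_response(raw)
    findings = []
    for header in ("server", "x-powered-by"):
        for product, version in BANNER_RE.findall(headers.get(header, "")):
            findings.append(f"{header} discloses {product}/{version}")
            minimum = BASELINE.get(product.lower())
            if minimum and tuple(int(p) for p in version.split(".")) < minimum:
                wanted = ".".join(str(p) for p in minimum)
                findings.append(f"{product} {version} is older than baseline {wanted}")
    return findings

# Constructed sample responses, as a scanner would receive them.
VERBOSE = (b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (CentOS)\r\n"
           b"X-Powered-By: PHP/5.2.6\r\nContent-Type: text/html\r\n\r\n<html></html>")
HARDENED = b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, banner_findings(raw) or "no findings")
```

The hardened response yields no findings because the banner carries no version, which is also why suppressing version banners reduces what a black-box scanner can infer.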