A Web Application Scanner is an automated security program that searches for software vulnerabilities within Web applications. A Web application scanner first crawls the entire website, analyzing each file it finds in depth, and displaying the entire website structure. After this discovery stage, it performs an automatic audit for common security vulnerabilities by launching a series of Web attacks. Web application scanners check for vulnerabilities on the Web server, proxy server, Web application server and even on other Web services. Unlike source code scanners, web application scanners don’t have access to the source code and therefore detect vulnerabilities by actually performing attacks (black-box testing).
In a vulnerability assessment we scan a web application to identify anything an attacker could potentially use against us (some assessments also look for compliance/configuration/standards issues, but the main goal in a VA is security). We can do this with a tool, service, or combination.
A web application vulnerability assessment is very different from a general vulnerability assessment, where we focus on networks and hosts. In those we scan ports, connect to services, and use other techniques to gather information revealing the patch levels, configurations, and potential exposures of our infrastructure. Even “standard” web applications are essentially custom; we need to dig a little deeper, examine application function and logic, and use more customized assessments to determine if a web application is vulnerable. With so much custom code and implementation, we have to rely less on known patch levels and configurations, and more on actually banging away at the application and testing attack pathways. Custom code means custom vulnerabilities.
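The two stages described above (crawl the site to map its structure, then audit what was found) and the point that a web assessment must look at application function rather than just patch levels can be shown in a small scanner skeleton. The following is an added example written for this page, not code from the original article or from any real scanner product. It runs against a constructed in-memory site (the `FAKE_SITE` dictionary, with invented URLs under `example.test`) so that it executes offline; the `fetch` function is a stand-in for an HTTP client. The audit stage is passive: it flags structural exposures (missing security headers, POST forms without an anti-CSRF token, password forms submitted over plain HTTP) rather than sending attack payloads.

```python
"""Minimal web application scanner skeleton: crawl, map structure, then audit.

Added example (not from the original article). FAKE_SITE is a constructed
sample site so the code runs offline; replace `fetch` with a real HTTP GET
to point it at a live target you are authorised to assess.
"""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, urldefrag

# Constructed sample site: URL -> (response headers, HTML body).
FAKE_SITE = {
    "http://example.test/": (
        {"Content-Type": "text/html"},
        '<a href="/login">Login</a> <a href="/about">About</a> '
        '<a href="http://other.test/x">external</a>',
    ),
    "http://example.test/login": (
        {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
        '<form method="post" action="/login">'
        '<input name="user"><input type="password" name="pass"></form>',
    ),
    "http://example.test/about": (
        {"Content-Type": "text/html", "X-Content-Type-Options": "nosniff",
         "X-Frame-Options": "DENY", "Content-Security-Policy": "default-src 'self'"},
        '<form method="post" action="/contact">'
        '<input type="hidden" name="csrf_token" value="abc">'
        '<input name="msg"></form> <a href="/">home</a>',
    ),
}

REQUIRED_HEADERS = ("Content-Security-Policy", "X-Content-Type-Options", "X-Frame-Options")
CSRF_TOKEN_NAMES = ("csrf", "_token", "authenticity")  # substrings that suggest a token field


class PageParser(HTMLParser):
    """Collects links and forms (action, method, input names/types) from one page."""

    def __init__(self):
        super().__init__()
        self.links, self.forms, self._form = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self._form = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(), "inputs": []}
        elif tag == "input" and self._form is not None:
            self._form["inputs"].append((a.get("name") or "", (a.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def fetch(url):
    """Stand-in for an HTTP GET; returns (headers, body) or None when not found."""
    return FAKE_SITE.get(url)


def crawl(start_url, max_pages=200):
    """Discovery stage: breadth-first crawl confined to the start host.
    Returns {url: {"links": [...], "forms": [...], "headers": {...}}}."""
    host = urlparse(start_url).netloc
    seen, queue, site_map = set(), deque([start_url]), {}
    while queue and len(site_map) < max_pages:
        url = urldefrag(queue.popleft())[0]  # drop #fragments so pages are not re-fetched
        if url in seen:
            continue
        seen.add(url)
        resp = fetch(url)
        if resp is None:
            continue
        headers, body = resp
        parser = PageParser()
        parser.feed(body)
        abs_links = [urljoin(url, h) for h in parser.links]
        site_map[url] = {"links": abs_links, "forms": parser.forms, "headers": headers}
        # Stay in scope: only follow links that point at the target host.
        queue.extend(l for l in abs_links if urlparse(l).netloc == host)
    return site_map


def audit(site_map):
    """Passive audit stage: flag exposures visible from structure alone.
    Returns a list of (url, description) findings."""
    findings = []
    for url, page in site_map.items():
        present = {k.lower() for k in page["headers"]}  # header names are case-insensitive
        for h in REQUIRED_HEADERS:
            if h.lower() not in present:
                findings.append((url, f"missing header {h}"))
        for form in page["forms"]:
            names = [n.lower() for n, _ in form["inputs"]]
            types = [t for _, t in form["inputs"]]
            action = urljoin(url, form["action"])
            if form["method"] == "post" and not any(k in n for n in names for k in CSRF_TOKEN_NAMES):
                findings.append((url, f"POST form to {action} has no anti-CSRF token"))
            if "password" in types and urlparse(action).scheme != "https":
                findings.append((url, f"password form submits over {urlparse(action).scheme}"))
    return findings


if __name__ == "__main__":
    site = crawl("http://example.test/")
    for u, p in site.items():
        print(f"{u}: {len(p['links'])} links, {len(p['forms'])} forms")
    for url, issue in audit(site):
        print(f"[finding] {url}: {issue}")
```

The crawler is deliberately scoped to the starting host, which is the same scope control a real assessment needs so that links to third-party sites are recorded but never followed. Note what the audit can and cannot tell you: the header and form checks are generic, but the page itself argues that the interesting bugs live in custom application logic, which is exactly what a structural pass like this does not exercise.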