Now, let's step into more complex tools: the vulnerability scanners.

These tools are considered more complex as they have to automate most of the security testing methodology in one tool. They will do the crawling, discovery, vulnerability detection, and some of the exploitation. The two most used open source web application security scanners are w3af (http://w3af.org/), which is written in Python, and Arachni (http://www.arachni-scanner.com/), which is written in Ruby.

There are multiple commercial alternatives such as Acunetix (http://www.acunetix.com/), which is one of the cheapest and provides good value for money.