Long ago, organizations used to deploy and work on thick clients. However, now, as we are shifting more toward mobility and ease of access, thin clients (web applications) are in high demand. The same web application, once hosted, can be accessed via multiple endpoints such as a PC, a smartphone, a tablet, and so on. But this has certainly increased the risk factor. Even a single vulnerability in the web application can have devastating effects on the entire organization. Also, as the network and infrastructure security evolved, web applications became easy targets for intruders to gain access inside the organization. Web application security testing is much more than just running an automated scanner to discover vulnerabilities. The automated scanner would not take procedural aspect a into consideration and would also report many false positives.