I’m in the middle of a project analyzing the security of an e-commerce system. I found a lot of good stuff using WebInspect, including one cross-site scripting flaw. However, the cross-site scripting issue was a little lame and next to impossible to re-create. So I decided to turn Acunetix Web Vulnerability Scanner loose on it just to see what it could find. Lo and behold…four more cross-site scripting vulns! Wow.
Like I’ve said before, if you’re going to uncover the most Web security flaws, you’ve got to use multiple tools.