W.R.T. commercial tools: I've been quite happy with NTO Spider.
http://www.ntobjectives.com/security-software/ntospider-application-security-scanner/
From: websecurity [websecurity-bounces@lists.webappsec.org] on behalf of websecurity-request@lists.webappsec.org [websecurity-request@lists.webappsec.org]
Sent: Wednesday, March 06, 2013 11:10 AM
To: websecurity@lists.webappsec.org
Subject: websecurity Digest, Vol 27, Issue 7
Send websecurity mailing list submissions to
websecurity@lists.webappsec.org
To subscribe or unsubscribe via the World Wide Web, visit
https://urldefense.proofpoint.com/v1/url?u=http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org&k=35L3AlEzDkxJZJYRnSa8lg%3D%3D%0A&r=pSwojCEaj1otlJcBRkOwFQ%2FCmK1q3cMCZ0Cja%2BE2uCE%3D%0A&m=q%2B%2FXXFAjSj17cvZlZZJ%2FBQQ58JQeg8N71rgYZKC%2BFaE%3D%0A&s=4aa4fa2605df01e8fd6bd37b5bd91193b41c853a3cbe63ddaa2c43655d51d860
or, via email, send a message with subject or body 'help' to
websecurity-request@lists.webappsec.org
You can reach the person managing the list at
websecurity-owner@lists.webappsec.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of websecurity digest..."
Today's Topics:
Message: 1
Date: Sun, 3 Mar 2013 03:43:28 -0800
From: Danux danuxx@gmail.com
To: web security websecurity@webappsec.org
Subject: [WEB SECURITY] Unauthorized Access: Bypassing PHP strcmp()
Message-ID:
CAL7A2DwqggpV_SkTkenPmZr=vNcTgj9SA0OSQ-KW7eNi+0N2=Q@mail.gmail.com
Content-Type: text/plain; charset="iso-8859-1"
Hope you enjoy it.
--
DanUx