Web applications are among the most targeted systems because they are directly exposed to the internet. There is no web server without serious vulnerabilities; it is enough to open Exploit DB to see how simple it is to exploit a vulnerable CMS or web application.
Attackers are constantly searching for bugs where incorrect code may leak very sensitive information; in the end, developers are people and they make careless mistakes. Developers mostly aim to add functionality to increase usability, and as you add functionality you need to add more code, which may lead to more vulnerabilities.
That's why you need to conduct penetration tests on a periodic basis to detect those bugs. During a pentest you can try Watcher, an open source tool that is a good addition to your penetration testing toolkit. It passively scans web applications, looking for serious vulnerabilities in the user input fields.
First, install Fiddler, the proxy framework that Watcher integrates with. Next, simply open in your browser the website you need to verify; Watcher lists the issues it finds by severity (high, medium or low), with an online reference for each security issue and how to fix the bug. You can also export the results to an HTML or XML report.
Watcher is developed in C# and contains more than 30 checks to perform the vulnerability assessment against your target. It can be part of your evaluation project and is extremely fast at finding security issues.
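To illustrate what a passive scanner does with the traffic a proxy captures, here is a small added example in Python (not Watcher's own code): it runs three header/body checks over constructed sample responses, assigns a severity, and emits an XML report. The checks, severity levels, sample URLs and report layout are this example's own assumptions, not Watcher's.

```python
import xml.etree.ElementTree as ET

# Constructed sample of proxied responses: (url, headers, body). Not real traffic.
SAMPLE_RESPONSES = [
    ("http://app.example/login",
     {"Set-Cookie": "session=abc123; Path=/", "Content-Type": "text/html"},
     "<form method='post'><input type='password' name='pw'></form>"),
    ("https://app.example/account",
     {"Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly",
      "Content-Type": "text/html", "X-Frame-Options": "DENY"},
     "<html><body>account page</body></html>"),
]

SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}

def check_response(url, headers, body):
    """Passive checks on one response; severities are this example's own choice."""
    findings = []
    cookie = headers.get("Set-Cookie", "").lower()
    is_html = headers.get("Content-Type", "").startswith("text/html")
    # A password form served over plain HTTP exposes credentials on the wire.
    if url.startswith("http://") and "type='password'" in body.lower():
        findings.append(("High", "Password form delivered over HTTP", url))
    # Session cookies readable by script or sent in clear are classic findings.
    if cookie and "httponly" not in cookie:
        findings.append(("Medium", "Set-Cookie without HttpOnly", url))
    if cookie and url.startswith("https://") and "secure" not in cookie:
        findings.append(("Medium", "Set-Cookie without Secure on HTTPS", url))
    # Missing framing protection on an HTML page is a low-severity note.
    if is_html and "X-Frame-Options" not in headers:
        findings.append(("Low", "HTML page without X-Frame-Options", url))
    return findings

def scan(responses):
    """Run the checks over every captured response, highest severity first."""
    found = []
    for url, headers, body in responses:
        found.extend(check_response(url, headers, body))
    return sorted(found, key=lambda f: SEVERITY_RANK[f[0]])

def to_xml(findings):
    """Serialise findings as a simple XML report (layout is our own, not Watcher's)."""
    root = ET.Element("report")
    for severity, title, url in findings:
        item = ET.SubElement(root, "finding", severity=severity)
        ET.SubElement(item, "title").text = title
        ET.SubElement(item, "url").text = url
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(to_xml(scan(SAMPLE_RESPONSES)))
```

The checker never sends a request of its own; it only inspects responses already captured, which is what "passive" means for this kind of tool.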
You can download the latest release from the following link: http://websecuritytool.codeplex.com/