Netsparker Community Edition is a powerful web application vulnerability scanner which makes it easy to detect and highlight SQL injection vulnerabilities, allowing you to resolve them before they're used by hackers.
The company says it's free of false positives, too. We'll take their word for it.
Mavituna Security also produce commercial editions of Netsparker. They can detect far more security flaws (local and remote file inclusions, remote code injection, OS level command injection and open redirects, amongst others); support multiple authentication types (form, NTLM, basic, digest, negotiate, Kerberos, proxy); can schedule scans, produce PDF, Word, Excel or XML reports, and more. Prices start at an annual subscription of $1,950, and you can find out more at the Mavituna site.
Please note, scanning websites can be an intensive process which puts them under heavy load. Only use Netsparker on sites you control, and if you want to minimise its impact on your site then reduce the scan speed in the "Start a new scan" box.
Version 3.1 brings:
- Full HTML5 Support
- New Web 2.0 Security Checks
- More Detailed Analysis of Target Web Application
- Automatic CSRF Vulnerability Detection
- Improved Logging and Integration with Third Party Tools