Web Application Vulnerability Scanning and Identification is a hot topic for many customers, and there a number of excellent products which can help with the identification process. Larry Suto has produced the second of his independent evaluations of these products and posted the results . In addition the guys over at NTO have posted their response to the report which identifies some interesting debates and responses from the vendors based on the results. This kind of transparency on the effectiveness of these tools is excellent and really highlights the challenges that ALL web application vulnerability scanners have - especially those tools that can't automatically find the vulnerabilities in their own test sites!