Nessus

Nessus is a widely used vulnerability scanner developed by Tenable Network Security. It is designed to identify vulnerabilities, misconfigurations, and potential risks in network infrastructure and software systems.

While Nessus is not exclusively a web application vulnerability scanner, it includes features that can be used for this purpose.

Nessus scans network devices, operating systems, databases, applications, and web servers for a wide range of vulnerabilities, checking them against its extensive database of known vulnerabilities. It also identifies misconfigurations in systems and network devices that could lead to security weaknesses.

Nessus can audit systems against various compliance standards to ensure that security configurations align with best practices and regulatory requirements.

For web applications, Nessus can scan for common vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), among others.

It can also check the SSL/TLS configuration of web servers to identify issues such as weak ciphers, expired certificates, and other SSL/TLS-related vulnerabilities.