Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Web Application Scanners

[SAMATE Home | IntrO TO SAMATE | SARD | SATE | Bugs Framework | Publications | Tool Survey | Resources]

Briefly, a web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves generation of malicious inputs and evaluation of application's responses.


Web Application Scanner Functional Specification Version 1.0, NIST Special Publication 500-269 

  • 21 August 2007 DRAFT 
    • Please email comments on the latest draft to "samate-specs [at] (samate-specs[at]nist[dot]gov)" by COB September 20, 2007. Sending comments to this address implies your consent for your email to be posted at this web site.
  • 7 March 2007 DRAFT 

Focus Group 

A group of experts to advise on specification, test plans, and test suites.

Description and list of members

Created March 23, 2021, Updated May 17, 2021