historically, scanners serched for vulnerabilites at the network latyer and for defective server software. recently, web scanners work at the application layer and look for exploitable web pages. tools written to specifically scan web pages include web scarab, spi dynamic and webinspect

do you any others?