I recently heard of Watcher, which just passively listens in on you as you click about your site (via Fiddler) and comes up with a list of potential vulnerabilities. Apparently it's a bit trigger-happy, so you need to read through to weed out the false positives, but, still, might be of some use to you, maybe. |