Many web application security vulnerabilities result from
generic input validation problems. Examples of such vulnerabilities
are SQL injection and Cross-Site Scripting (XSS).
Although the majority of web vulnerabilities are easy to
understand and to avoid, many web developers are, unfortunately,
not security-aware. As a result, there exist a large
number of vulnerable applications and web sites on the web.
There are two main approaches [10] to testing software
applications for the presence of bugs and vulnerabilities: