SandCat is a security assessment tool for detecting holes and vulnerabilities in websites and Web apps. Before scanning, it automatically detects the server configuration and determines the set of tests to be performed on the specified Web app. Besides scanning, it can do log analysis and security hardening of Web servers. It also lets you perform specific scans for vulnerabilities such as Blind SQL Injection, Cross-Site Scripting, Directory Traversal, and the SANS Top 20 and OWASP Top 10 vulnerabilities. Once the scan ends, SandCat mails the results instantly.
When we tried the software on an online Web app, it performed quite well; it managed to detect 56 vulnerabilities and also identified some potentially vulnerable scripts running on the Web app. The catch here is that it runs only on Windows.