Hello all, long time reader, first time poster.

The company i work for just had Ernst & Young come in and do a security analysis on our websites. (Thankfully we had a pretty good score!) Their checks spidered out site and look at things like Sql Injection, Script Injection, control panels accessible, etc.

Well i know for a fact they weren't cheap. But i also know that some of the things they found had to literally check every page on (so i doubt it was some guy at a computer checking every page and trying different security holes). They had to have automated it somehow.

I was wondering if anyone has heard of a tool (open source or not) that might be able to accomplish this on a lower budget!

Any and all help is greatly appreciated!