How to choose a web vulnerability scanner

A must read interview for anyone who is interested in evaluating web vulnerability scanners.  In this interview we discuss the process of choosing a web vulnerability scanner and underline several factors that should be taken into consideration in the decision-making process.
Which is the best web vulnerability scanner out there?
This question has been haunting the web application security field for quite some time and rest assured that no one will ever give you a definite answer. What works for Mr A does not work for Mr B. This is because every website, or web application – as we call them today – is different. There are some scanners that perform better than others on websites developed in PHP and others that might perform better on websites developed in .NET, and so on. Also, people have different needs. Some just need a scanner to generate a PCI DSS compliance report. Others use it for consulting services, to assist them during a penetration test, and therefore need a scanner that gives them as much information as possible about the target and one that includes a good set of tools for easing the lengthy process of manual penetration testing.
How can I find out which web vulnerability scanner best suites my needs?
The best way to find (continue reading...)