For those Security professionals especially involved in Penetration Testing should know Burpsuite and Acunetix for Web Application Assessment.
However, there is an alternative for them to use while doing Web Application Assessment which is Owasp ZAP.
For those are interested to use it, can download over here.
Once download and install on your machine, you see the below interface after you clicked
The Automated Scan will spider the victim’s URL and alert you on all the vulnerabilities available for that target. A Security Professional only need to key in the URL target to attack and then click the Attack Button.
The result will appear something like below
After getting the result of the spider, Security Professional can go and verify the finding and raise the vulnerabilities to the client