Qualys web application scanning (was) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (xss) and sql injection.. Web application vulnerability scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, sql injection, command execution, directory traversal and insecure server configuration.. Hands-on acunetix web vulnerability scanner review. acunetix wvs is an automated web application security testing, founded to combat the rise in attacks at the web application layer. acunetix wvs audits a website’s security by launching a series of attacks against the site..