Over the past two decades, technological and engineering developments have collaborated to create an increasingly sophisticated and diverse information technology landscape, but while this has led us today to have extremely complex and feature-rich hardware and software systems, it has inevitably increased the likelihood that they may contain conceptual or implementation flaws, some of which can potentially be exploited by malicious individuals or organizations, who nowadays find ever-changing methods and tools to threaten the secrecy, availability and integrity of resources and data. In this scenario, risk analysis methodologies such as VAPTs, i.e., Vulnerability Assessment and Penetration Testing, that assess the criticality and actual dangerousness of vulnerabilities found in web systems and applications, are paramount.