Federica Germinario
HTTP inference for OWASP ZAP: Improve penetration testing via HTTP automated analysis.
Advisor: Cataldo Basile. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2022
Abstract
The increasingly large number of vulnerabilities affecting web applications has severe consequences: attackers rely on these flaws to routinely compromise millions of web sites, steal personal and financial data, and penetrate private infrastructures. Many techniques and tools have been developed over the years to mitigate the Web's security problems. The three major approaches to identifying vulnerabilities are SAST (static application security testing), DAST (dynamic application security testing) and IAST (interactive application security testing). SAST requires the source code of the application, while DAST and IAST require the application to be up and running and ready for passive or active testing. All three approaches have pros and cons.
In general, SAST is prone to false positives (reporting flaws that are not real), while DAST is prone to false negatives (missing real flaws).
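As an added illustration of the false-positive/false-negative asymmetry described above (example code written for this page, not code from the thesis or from OWASP ZAP): a two-handler "application" over an in-memory SQLite database, a one-rule static scanner, and a probe-based dynamic scanner. The handler names, the `handle` dispatcher, the endpoint paths and the regex rule are all constructed for the example. The static rule flags every SQL string built with `+`, so it also reports the whitelisted handler that is not injectable (false positive); the dynamic probe only reaches endpoints it knows about, so it misses the really vulnerable handler until that endpoint is added to its crawl list (false negative).

```python
"""Toy SAST vs DAST comparison (constructed example, not thesis or ZAP code)."""
import inspect
import re
import sqlite3
from typing import Callable, Dict, Iterable, List, Tuple

# --- Constructed target application -----------------------------------------
ALLOWED_COLUMNS = {"name", "email"}


def setup_db() -> sqlite3.Connection:
    """Fresh in-memory database with one row of constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'alice@example.org')")
    return conn


def list_users(conn: sqlite3.Connection, column: str):
    # Column name is concatenated, but only after a strict whitelist check,
    # so this is NOT injectable even though it "looks" like string-built SQL.
    if column not in ALLOWED_COLUMNS:
        raise ValueError("bad column")
    return conn.execute("SELECT " + column + " FROM users").fetchall()


def get_user(conn: sqlite3.Connection, user_id: str):
    # User-controlled value concatenated verbatim: a real SQL injection.
    return conn.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()


def handle(conn: sqlite3.Connection, path: str, params: Dict[str, str]) -> Tuple[int, object]:
    """Request dispatcher standing in for an HTTP server (hypothetical)."""
    try:
        if path == "/users":
            return 200, list_users(conn, params.get("column", "name"))
        if path == "/user":
            return 200, get_user(conn, params.get("id", "1"))
        return 404, None
    except sqlite3.Error as exc:          # leaks a DB error like a naive app would
        return 500, f"database error: {exc}"
    except ValueError as exc:             # application-level validation failure
        return 400, str(exc)


# --- Toy SAST: one syntactic rule over the source text ---------------------
CONCAT_RULE = re.compile(r'execute\(\s*"[^"]*"\s*\+')


def sast_scan(functions: Iterable[Callable]) -> List[str]:
    """Flag every function whose source builds its SQL string with '+'.
    No data-flow or validation awareness, hence the false positive."""
    return [fn.__name__ for fn in functions if CONCAT_RULE.search(inspect.getsource(fn))]


# --- Toy DAST: send a probe to every known parameter -----------------------
PROBE = "'"  # single quote: breaks SQL syntax if it reaches the engine unescaped


def dast_scan(conn: sqlite3.Connection, endpoints: Dict[str, List[str]]) -> List[str]:
    """Probe each parameter of each *known* endpoint; report DB-error responses.
    Anything the crawl did not discover is never tested, hence the false negative."""
    findings = []
    for path, param_names in endpoints.items():
        for name in param_names:
            status, body = handle(conn, path, {name: PROBE})
            if status == 500 and "database error" in str(body):
                findings.append(f"{path}?{name}")
    return findings


if __name__ == "__main__":
    print("SAST flags:", sast_scan([list_users, get_user]))           # both, incl. FP
    print("DAST, /user not crawled:", dast_scan(setup_db(), {"/users": ["column"]}))
    print("DAST, full crawl:", dast_scan(setup_db(), {"/users": ["column"], "/user": ["id"]}))
```

Running the block prints the static scanner reporting both handlers (one false positive), the dynamic scanner reporting nothing while `/user` is absent from its endpoint list (one false negative), and the same dynamic scanner reporting `/user?id` once the endpoint is known. The asymmetry is structural: the static rule sees code it cannot prove safe, the dynamic probe sees only what it can reach.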
