mbraylyan
commented
9 months ago The first choice is ZAP, or the ZED Attack Proxy. I know Burp Suite is the more common corporate solution, but that seems to have several versions for various costs. I think starting out with ZAP is probably better, but I plan to experiment with the community version of Burp Suite as well.
There are many WebApp scanners that might potentially be useful for the purposes of this project. One of them needs to be selected and settled on before further progress on this front is made.