Abstract: "Scanners have arguably gotten very good at finding most injection-based flaws, but the real wins are in uncovering the flaws a scanner can hardly ever highlight: flaws in business logic, privilege escalation, authentication weaknesses, etc. By letting the scanners do their jobs and really focusing your time in the right areas, you win while giving the customer a much more accurate picture of their application's security posture."