As the web becomes more and more feature-full (or bloated, depending on your stance), it also becomes a rich ground for security concerns and exploitation. HTTP was meant for simple file serving (much like Gopher); grafting e-commerce applications and secure transactions on top of it has always been a bumpy road, particularly if you want to do it securely. To date, however, there have been only a few tools to help an administrator or researcher properly assess and check the security of these applications and their underlying technology. In this talk, RFP will review a few currently available tools and their pitfalls, as well as introduce his latest suite of web assessment tools, which overcome those pitfalls.