IBM AppScan is a good tool for detecting security breaches in web applications. Has anybody ever studied it? Typically AppScan can find 10 main attacks, including:

- XSS
- SQL (code) injection
- Malicious file execution
- Insecure direct object references
- CSRF
- Information leakage and improper error handling
- Broken authentication and session management
- Insecure cryptographic storage
- Unsecured communication
- Failure to restrict URL access

What are the corresponding solutions for them? Has anybody ever summarized them?
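As an added illustration of what "corresponding solutions" look like in code for three of the categories listed above (SQL injection, XSS, and insecure direct object references), here is a small self-contained Python example. It is not from the original post and has nothing to do with AppScan's own output; the in-memory SQLite table, the `DOCUMENTS` dictionary, the user names and the test inputs are all constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Defect: the caller-supplied name is spliced into the SQL text itself,
    so the input can change the query's structure (SQL injection)."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Fix: a parameterized query. The driver passes the value separately
    from the SQL text, so it can only ever be compared as data."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting(name):
    """XSS mitigation: context-aware output encoding. html.escape turns
    &, <, >, " and ' into entities, so browser treats the value as text."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


# Constructed sample store for the insecure-direct-object-reference case.
DOCUMENTS = {
    1: {"owner": "alice", "body": "alice's notes"},
    2: {"owner": "bob", "body": "bob's notes"},
}


def fetch_document(doc_id, current_user):
    """IDOR mitigation: an object id coming from the request is never
    enough on its own; the server must check that the authenticated user
    is allowed to see that object before returning it."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != current_user:
        return None  # indistinguishable from "not found"; no data leaks
    return doc["body"]


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"  # constructed test input
    print("vulnerable:", lookup_vulnerable(db, tautology))  # every row
    print("safe:      ", lookup_safe(db, tautology))        # no rows
    print(render_greeting("<script>alert(1)</script>"))
    print(fetch_document(2, "alice"))  # None: alice does not own doc 2
```

The same pattern repeats across most of the categories in the question: separate data from code (parameters, encoding) and enforce authorization on the server for every object and URL rather than trusting what the client sends.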