Include automatic scan
Web application security assessments through a deep dive into,
1) Injection
2) Broken authentication
3) Exposure of sensitive data
4)XML External Entities (XXE)
5) broken access control
6) Incorrect security settings
7) Cross-site scripting (XSS)
8) Insecure deserialization
9) Use of components with known vulnerabilities
10) Insufficient registration and monitoring