Web sites are prone to security risks, and are a target for common attacks such as Cross Site Scripting, and SQL injection, which can result in exposure of sensitive data and even more aggressive attacks. Vulnerability scanning checks for known vulnerabilities and generates a report that the developer can use to fix web site vulnerabilities. Join Lisa Bock as she reviews some common scanners that even an average user can run. Vulnerability scanning is inexpensive, as most scanners are well under $1500, and many are free and can provide a great deal of information. Participants will learn that scanning a website to check for vulnerabilities is an important exercise, and regulations such as PCI, GLBA, Sarbanes Oxley, HIPAA or FISMA many times require periodic scanning. Vulnerability Scanning is an important first step in reducing overall risk, as most vulnerabilities can be addresses and reduced if not removed entirely.