passive web application security assessment tool

 A semi-automated, largely passive web application security audit tool,
 optimized for an accurate and sensitive detection, and automatic
 annotation, of potential problems and security-relevant design patterns
 based on the observation of existing, user-initiated traffic in complex
 web 2.0 environments.
 .
 Detects and prioritizes broad classes of security problems, such as
 dynamic cross-site trust model considerations, script inclusion issues,
 content serving problems, insufficient XSRF and XSS defenses, and much
 more.