Ola:

We have been tasked with testing the security of our commerce security websites. We are finding that Wikto is not providing sufficient results and NESSUS is good for the server side vulnerability checking, but is there a good tool to scan internal websites for vulnerabilities/exploits - and also provide information on how to fix them; vis-a-vie NESSUS reporting?

We are trying SiteDigger now and hoping for better reporting. The reason I go on about the reporting is that we need as much detail as possible to report back to the client.

[EDIT]
We are also using Nikto for testing as well. The output does not seem user friendly to try and explain or read through.
[/EDIT]

In advance,

Gracias.