Presenting from the perspective of a fictitious web application penetration test, this session will provide you with a well-founded overview of the open-source tools used by security professionals and penetration testers in their daily work on the detection of security vulnerabilities. Despite the high quality of the supportive tools in this field, this is still unknown territory for many development projects and therefore unused potential. After my presentation, you will be familiar with the tools of the professionals along with the purpose, usage scenarios with concrete examples, and pros and cons – in the hope that their use does not remain only in the hands of the penetration tester.