Paros Proxy - http://www.parosproxy.org/index.shtml
WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Spike Proxy - http://www.immunitysec.com/resources-freesoftware.shtml
BurpSuite - http://portswigger.net/
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
But has anybody used any of the following commercial products to do automated testing and reporting within their environment? If so, did you like it and was it worth it?
N-Stalker - http://www.nstalker.com/?src=winsecurity
Acunetix - http://www.acunetix.com/vulnerability-scanner/
NTOSpider - http://www.ntobjectives.com/products/ntospider.php
WebInspect - http://www.spidynamics.com/products/webinspect/index.html
Personally, from a testing standpoint I really like the ParosProxy but the last time I checked it does not have very good fuzzing capabilities. Using some of the other free tools (like BurpSuite) fixes that but as I also have other issues to monitor and test being able to automate some of these tasks and increase my reporting output might actually be worth spending some money.
Thanks for your input.