WAP detects and corrects the following vulnerabilities:
- SQL Injection (SQLI)
- Cross-site scripting (XSS)
- Remote File Inclusion (RFI)
- Local File Inclusion (LFI)
- Directory Traversal or Path Traversal (DT/PT)
- Source Code Disclosure (SCD)
- OS Command Injection (OSCI)
- PHP Code Injection
Read more and download WAP from here – http://awap.sourceforge.net/