New Web Application Security Survey

- Do you use commercial vulnerability scanner products during your assessments?
(Acunetix, Cenzic, Fortify, NTOBJECTives, Ounce Labs, Secure Software, SPI Dynamic, Watchfire, etc.)...
- Do you use open source tools during your assessments?
(Paros, Burp, Live HTTP headers, Web Scarab, CAL9000, Nikto, Wikto, etc.)

Read the original post by Jeremiah Grossman and an answer in ha.ckers.org blog.