WebInspect is a web application security assessment tool that helps identify known and unknown vulnerabilities within the Web application layer. It can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more. It was produced by Spidynamics, which is now part of HP.
For downloads and more information,
visit the HP WebInspect homepage.
WebInspect is like trying to Fly an F35 when you have flown a crop duster. Very effective if you have been trained on it. You get the support and product that you pay for.
Last I checked, Yes, MSSQL Is required, runs best if MSSQL is running on a separate system.
We still use this tool. It's on the high price range, but still very useful. No other tool (except for IBM, and acunetix) can be used consistently in big web environments to consolidate information and previous findings. You can integrate with Burp for more custom testing.
Despite the setbacks after HP acquisition, their development team keeps up with security updates.
The bad side is that the architecture is complex, and consumes a lot of computing resources.
The only reason I didn't give this a lower score is because it served a purpose for a long time. Then HP bought them out and like everything they touch the support went downhill. We switched to Acunetix.