Regularly scanning web application vulnerabilities is one of the best practices in managing corporate cybersecurity. Several organizations choose 3rd party penetration testing service to identify their web application flaws that are costly and inadequate to deal with threats that continually occur. Investing in tools to check web applications vulnerabilities on your own is a better option because it can be done as often as you want. There are two types of Application Security Testing, included Static Code Analysis (SCA), which is used to verify program code in the development stage to identify security holes and get recommendations on how to fix them before convert to an application. Another one is called Dynamic Code Analysis (DCA). It is used to scan web application vulnerabilities to fix them before the application will be converted to production, or even if it has been production, it can be used to find vulnerabilities and get fixing recommendation. Some manufacturer has integrated SCA and DCA into the same platform, allowing the organization's application developers and system administrators to systematically cooperate to provide application security that consistent to the best practice of cybersecurity management.