SWAAT

Security Compass Web Application Auditing Tool (SWAAT) is a free static web application source code auditing tool.

The aim of SWAAT is to help developers, testers, security staff, and auditors locate potentially dangerous portions of source code; it is designed to assist source code review.

After reviewing millions of lines of source code, we at Security Compass believe that automated run-time analysis tools are useful for identifying simple, common vulnerabilities. In most cases, however, the vast majority of vulnerabilities require human intelligence and knowledge of the application. SWAAT helps to reduce the burden of source code review by identifying potentially dangerous functions and strings in code and explaining both how they may be dangerous and how to mitigate potential risks.

Disclaimer of warranty: the programs are provided "as is" without warranty of any kind. Security Compass further disclaims all warranties, express and implied, including without limitation, any implied warranties of merchantability or fitness for a particular purpose.

Limitation of liability: in no event shall Security Compass or its licensors be liable for any indirect, incidental, special, punitive or consequential damages, or damages for loss of profits, revenue, data or data use, incurred by customer or any third party, whether in an action in contract or tort, even if Security Compass has been advised of the possibility of such damages. Security Compass's entire liability for damages hereunder shall in no event exceed the fees actually paid by customer to Security Compass for this license.