Nowadays, the Internet plays a crucial role in our society. Among
Internet services, web-based services are very popular that
become the target of security attacks. Hence, securing websites
and connection to the users is important. If we own or manage a
website, we certainly concern about how secure it is. For
assessing the security level of a website, we usually take some
action, including testing the website using security scanning
tools. Unfortunately, most of scanning tools have limitations and
need to be updated frequently for new vulnerabilities. Using only
one scanning tool is sometime not enough to determine security
level of a website. In this paper we propose a framework
supporting website security assessment. The idea of this
framework is to integrate different scanning tools into the
framework. We then write a program to implement this
framework with a real website. We guide the users how to add a
new scanning tool to this framework, manage it and generate a
final report.