In a web application security assessment, we search for vulnerabilities and weaknesses manually and with (semi-) automatic tools. The method of the penetration testers is partly comparable to that of a real hacker, although they often also have access to the source code.
Certain checks can be automated and are therefore suitable for frequent execution. The icing on the cake is active monitoring that allows you to catch hackers at an early stage.