Mapping a Web site and collecting all the essential information found in various Web resources is of the utmost importance when understanding Web application security. Every Web site is unique with respect to functionality and organization. Gathering all possible information from a Web application simplifies identification of weak areas and indicates starting points for security analysis. Constructing a Web resource inventory matrix and a summary of Web resources also helps in performing a risk analysis of the Web application.