As security professionals we are often called upon to assess the security of web delivered applications and/or services. Not all of us have either experience or a methodology for responding to this type of assessment request. Web based applications and services are the key technologies behind modern service delivery. And their security, or lack thereof, can make or break a company. We will lay out an approach to follow including tools to help with the assessment throughout each step of the process. We will discuss free and commercial products that can assist the assessment process. The user will leave with information they can take back to their home organization to serve as a foundation for either an ad-hoc or ongoing capability.