Evaluating the Efficacy of Automated Penetration Testing Tools in Identifying Vulnerabilities in Modern Web Applications
Abstract
Given the increasing and rapidly evolving security vulnerabilities of modern web applications, there is scope for numerous research studies. This study aimed to evaluate the efficacy of five automated penetration testing tools in detecting SQL injection vulnerabilities in modern web applications. In an experimental study, the five tools were used to test for SQL injection, XSS and CSRF. Efficiency was measured using detection rate, precision, recall, scan time and false positive rate. Overall, the results suggest that the most robust approach for evaluating the security of web applications involves integrating both automated and manual penetration testing strategies. By combining the strength of automated tools in rapidly scanning and identifying potential vulnerabilities with the insight of manual analysis to verify and investigate the context and impact of these findings, organisations can ensure a more comprehensive security posture. The implications of these findings are pivotal for cybersecurity strategies, encouraging a balanced and holistic approach to vulnerability assessment. Further scope for research lies in testing genetic fuzzy algorithms and in combining detection and prevention techniques using single studies.