Burp, typically used to proxy and replay attacks on web apps, now has a plugin called BurpSentinel that can point out possible issues in the app as traffic goes by. This could be worth looking into in the future. Oh, and it's free too.
http://www.darknet.org.uk/2014/09/burpsentintel-vulnerability-scanning-plugin-burp-proxy/