We ran the OWASP Top Ten profile against Open Server Watch and NetMon.

$ w3af_console
w3af>>> target
w3af/config:target>>> set target http://monitoring.sittingduck.bv
w3af/config:target>>> back
w3af>>> profiles
w3af/profiles>>> use OWASP_TOP10
w3af/profiles>>> back
w3af>>> start

Nothing relevant (that hadn't already been found by manual analysis) was reported.