Web site security is very important because the website contain relevant information about a company and now a days website defacement is very common even a script kiddies and a new born hackers can do this. The most common vulnerability like SQL-Injection and cross site scripting lead towards the defacement.
So you want to secure your web application than find vulnerabilities on it before a hacker find it, try to use some relevant tools and find vulnerabilities and fix it. There are so many tools available for both Windows and Linux platform and commercial and open source tool. Below is the best web vulnerability scanner tool that we have discussed before.
OWASP or Open Web Application Security Project is a non profit organisation world wide that are focusing on improving the security of web application, for more about OWASP click here.The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It has an automatic scanning functionality and it has a set of tools that allow you to find vulnerability manually.
W3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af is working for Become the best Open Source Web Application Exploitation Framework. It is available on Backtrack 5 too.
Skipfish is an automatic web application security tool, that has been designed to find the vulnerabilities on a web application, find vulnerability on your website before than a hacker find and exploit it. It is also available on Backtrack 5.
Nikto is one of the best open source web vulnerability scanner tool that is available on the famous Linux distribution like Backtrack, Gnacktrack,Backbox and others. You can use it on other distribution and on windows too because it is only need perl script.
Netsparker is a commercial tool that has been designed to find the vulnerabilities on web application, the free version of netparker is also available so you can download it and can use for a quick penetration testing on a web application.