Netsparker Community Edition is a powerful web application vulnerability scanner which can detect and report on a host of potential website security problems, allowing you to resolve them before they're used by hackers.
The program is able to identify many cross-site scripting issues and error- and boolean-based SQL injection problems, and it can also uncover issues with robots.txt, Google Sitemap files, email address disclosure, version disclosure, programming and database error messages, and many more.
Better still, it's one of the more accurate free vulnerability scanners around. For instance, a recent comparison test ranked the program 6th out of 38 at detecting reflected XSS issues, an area where it performed significantly better than some big names, including Nessus.
Mavituna Security also produce commercial editions of Netsparker. They can detect far more security flaws (local and remote file inclusions, remote code injection, OS level command injection and open redirects, amongst others); support multiple authentication types (form, NTLM, basic, digest, negotiate, Kerberos, proxy); can schedule scans, produce PDF, Word, Excel or XML reports, and more. Prices start at an annual subscription of $1,950, and you can find out more at the Mavituna site.
Please note that scanning websites can be an intensive process which puts them under heavy load. Only use Netsparker on sites you control, and if you want to minimise its impact on your site, reduce the scan speed in the "Start a new scan" box.




