Ask HN: Is there any web apps that finds your site's security flaws

3 points by camelback, over 15 years ago
My first post here, just wondering if something like this exists or is even possible? (Hope it makes sense)

3 comments

Travis, over 15 years ago
The web apps I've seen that do this all look pretty scammy. I wouldn't want them poking around my site. Then again, it is a public site, so...

Anyhow, since there are several major attack vectors, there are also several different types of scanners. I recommend you read the book "breaking web software" to get a better understanding of the types of attacks.

As far as tools, if you have a PHP install I recommend https://chorizo-scanner.com/

No recommendation, but http://www.acunetix.com/cross-site-scripting/scanner.htm looks like they can help.

IBM has a good article/series on web app vulnerabilities at http://www.ibm.com/developerworks/web/library/wa-appsecurity/

And finally, wapiti is a vulnerability checker written in Python that will do scans of web apps. Command line, not web, but pretty good - http://wapiti.sourceforge.net/

cperciva, over 15 years ago
I'm sure there are web apps which will find security flaws; but you shouldn't trust their results. Finding security flaws is equivalent to determining whether a Turing machine will halt -- i.e., there is no algorithm which can guarantee to give you the right answer.

yan, over 15 years ago
No web app, but a lot of individuals who'd love to offer this as a service. For general guidelines on writing secure web code, refer to http://www.owasp.org