If you have a linux/unix box (or care to install one) you can as well try Nessus. Unfortunately, its server component is not ported to Windows.
Definitely check out SearchAppSecurity.com. We have articles and product reviews — and links to those types of stories on other Web sites. Here are a couple:
Product review: SPI Dynamics WebInspect 5.8
Cenzic Hailstorm case study: Boston College takes preemptive approach to Web application attacks
– Michelle Davidson, editor, SearchAppSecurity.com
Windows web sec article on
ALSO ON SEARCHWINDOWSSECURITY.COM
STEP-BY-STEP GUIDE: Securing Web servers
A couple of good suggestions, but some I am not familiar with.
I would look at SecureWorks…They have a great deal of application experience.
Thank you for all the suggestions. They’ve been helpful.
You can use Appscan, Wikto and Appdetective (for databse of web applications)
i can suggest you a good web application scanner: MatriXay 3.0.
Its website is: