Tamper Data!

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

w3af is a Web Application Attack and Audit Framework

Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner. Download Free Edition!

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Find security vulnerabilities right from your browser. Experience the next generation security tools without the need to install any additional software

Ammonite is a web application security scanner extension for Fiddler. Ammonite detects common vulnerabilities such as SQL injection, OS command injection, cross-site scripting, file inclusion, format string vulnerabilities, and buffer overflows. Ammonite includes unique features that make it particularly well suited for penetration testers and security professionals.

Golem Security Scanner is a powerful and intuitive website security scanner which uses a combination of proprietary and open source scanners to maximize the scan findings. Much less expensive for the paid version than other providers, with a free option which scans a portion of the site.