OWASP Zap (aka Zed Attack Proxy) is a security scanner, which scans your web application for security issues. I wrote a blog post on this topic for the Swingletree page.