The web apps I've seen that do this all look pretty scammy. I wouldn't want them poking around my site. Then again, it is a public site, so...
Anyhow, since there are several major attack vectors, there are also several different types of scanners. I recommend you read the book "breaking web software" to get a better understanding of the types of attacks.
And finally, wapiti is a vulnerability checker written in python that will do scans of web apps. COmmand line, not web, but pretty good - http://wapiti.sourceforge.net/
I'm sure there are web apps which will find security flaws; but you shouldn't trust their results. Finding security flaws is equivalent to determining whether a Turing machine will halt -- i.e., there is no algorithm which can guarantee to give you the right answer.
No web app, but a lot of individuals who'd love to offer this as a service. For general guidelines on writing secure web code, refer to http://www.owasp.org
Anyhow, since there are several major attack vectors, there are also several different types of scanners. I recommend you read the book "breaking web software" to get a better understanding of the types of attacks.
As far as tools, if you have a PHP install I recommend https://chorizo-scanner.com/
No recommendation, but http://www.acunetix.com/cross-site-scripting/scanner.htm looks like they can help.
IBM has a good article/series on web app vulnerabilities at http://www.ibm.com/developerworks/web/library/wa-appsecurity...
And finally, wapiti is a vulnerability checker written in python that will do scans of web apps. COmmand line, not web, but pretty good - http://wapiti.sourceforge.net/