AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007.
For downloads and more information,
visit the AppScan homepage.
Been using Appscan for over 5 years now, among others and have found it to be the best Web Application Scanner of its class.
Its support is excellent and although the tool is not cheap when it comes to web scanners, in my humble opinion you do get what you pay for.
And before I cause a row - it is not a substitute for manual penetration testing by any means, but another good tool in the arsenal!