free or for pay? managed or stuff that i scan myself?

I'm really partial to HP/SPI Dynamics WebInspect myself. I use both WebInspect and Watchfire's AppScan Enterprise.

Watchfire does have better enterprise integration but SPI now has their Assessment Management Platform (AMP) that is for enterprise integration and multiple users, etc... so I'm not sure of how they compare at that level now.

Depending on your needs (are you QA, a developer, security, etc...) you would be best off by taking a site you have access to and comparing the results of all the tools. Look at Cenzic's offerings too.

You'll want to see their ability to assess web applications, ajax, etc... All of them will generate false positives and the results will need to be checked. Look at the ability of the tool to manually step through a site with you doing the 'driving', what toolset does it come with? Fuzzing tools, SQLi tools, bruteforcing tools, etc... What quality/amount of checks do each have, etc...?

While the automated scanning aspect of the tools are great and they do get rid of a lot of the 'low hanging fruit', you really want to manually assess the site in more detail after that.

hth,
dean