So you want to build a Security Program? Part 2 - Web App Scanning
OWASP ZAP is the clear winnner for opensource web app scanning. The GUI is good, simple, and the reports are great! You can even brand them for your own company!
The only negative thing about OWASP ZAP is the fact that you cannot run it from the command line, but it is cross platform and works on Windows and Linux.