There are only certain security holes you can check for with any program. You can check your PHP configuration, Apache configuration, passwords, common bugs, etc. but you can't really check programatically for logic errors which might cause security holes.

您可以使用任何程序检查某些安全漏洞。您可以检查您的 PHP 配置、Apache 配置、密码、常见错误等，但您无法真正以编程方式检查可能导致安全漏洞的逻辑错误。

Your best bet would be to do a thorough code review of the website. Or, better yet, have several other people do a thorough code review of the website, looking for security holes.

最好的办法是对网站进行彻底的代码。或者，更好的是，让其他几个人对网站进行彻底的代码，寻找安全漏洞。

Top 10 Web Vulnerability Scannersfrom Insecure.org (listing from 2006). Their number one, Nikto2, can be found here.

来自 Insecure.org 的10 大 Web 漏洞扫描程序（从 2006 年开始列出）。他们的第一名 Nikto2 可以在这里找到。

Netsparker Community Editiondoes that and it's free (GUI + Windows).

Netsparker Community Edition做到了这一点，而且它是免费的（GUI + Windows）。

I recently found Detectifywhich seems to make a decent scan and has nice UI. They work on donation basis which means you should decide how much you can spend.

我最近发现Detectify似乎进行了不错的扫描并且具有很好的用户界面。他们以捐赠为基础工作，这意味着您应该决定可以花多少钱。

We cover OWASP Top 10. That means we find a wide variety of flaws, including SQL, LDAP, XPATH and NoSQL injections, Cross Site Scripting flaws, broken session management, remote code and command execution, etc.

我们涵盖了 OWASP Top 10。这意味着我们发现了各种各样的缺陷，包括 SQL、LDAP、XPATH 和 NoSQL 注入、跨站点脚本缺陷、会话管理中断、远程代码和命令执行等。

This is another one, but as previously stated, nothing beats a professional eye-over:

这是另一个，但如前所述，没有什么比专业的眼睛更好的了：

http://www.websitedefender.com

http://www.websitedefender.com

I'm a little late to the party, but since you specifically asked for easy to use and not-too-technical scanners, take a look at Golem Technologies website security scanner- the full scan isn't free, but they have a demo scan which checks about 10% of a site and will catch a lot of the common vulnerabilities.

我参加聚会有点晚了，但是由于您特别要求易于使用且技术含量不高的扫描仪，请查看Golem Technologies 网站安全扫描仪- 完整扫描不是免费的，但他们有演示scan 会检查大约 10% 的站点，并将捕获许多常见漏洞。