What are the best online tools that I can use to make sure my web app is secure?
OWASP is a great resource for writing secure code.
Your looking for Pen testing tools (penetration testing) - owasp.org/index.php/Appendix_A:_Testing_Tools
Manual analysis with Burp/Zed Attack Proxy is going to be your best bet. Tools will only do so much for you, they lack contextual awareness of what the application should do vs is doing.
If you're unfamiliar with performing manual analysis, OWASP has a free, public testing guide available: owasp.org/index.php/OWASP_Testing_Guide_v4_Table_… ;This is an excellent resource to help aid you in testing the security of your site, so that when you do use tools mentioned, you have an understanding of what they're doing/trying to accomplish.
Denny Trebbin
Lead Fullstack Developer. Experimenting with bleeding-edge tech. Irregularly DJ. Hobby drone pilot. Amateur photographer.
https://nmap.org/
Pro
Cons