HI, this entire process is called "Web Application Security Assessment" , we do it with IBM Appscan, HP Web Inspect, Acunetix and other freeware tools.
We give you a detailed list of vulnerabilities, description and also present to the programmers about fixing.
COE Security