The OWASP Zed Attack Proxy is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It also a great tool for experienced pen-testers to use for manual security testing.
The Open Web Application Security Project is a worldwide not for profit organisation focused on improving the security of software. In particular the OWASP top Privacy Risk Project provides a top 10 list for privacy risks in web applications and related countermeasures. It covers technological and organizsational aspects that focus on real life risks, not just legal issues. Link