Best Web-Based Vulnerability Tester?

"Best" is kinda specious as the network vulnerability scan space is fairly commoditized these days. First question though: what are you scanning? Are you interested in scanning your network for external facing vulnerabilities, or are you looking for a deep dive into scanning specific web applications for all their warts on an ongoing basis? I ask because these are two different animals from a tools perspective (there are web app scanners and there are network vuln scanners).

Assuming it's network vulnerability scanning you're interested in, vendor-wise, if you want a cloud service and don't want to manage your own scan server, Qualys is considered the leader in this space.

There are of course a ton of small security vendors out there that'll do such a thing for you periodically, some are pretty much "Yeah, we'll do a periodic Nessus scan for ya and toss it over the wall for you." These should be very inexpensive because Tenable Nessus is all of $1200ish a year for them (or you) to license. Which might make you reconsider hosting the scans yourself and just getting a slice host out there somewhere that you slap linux on and a nessus license and learn how to set up a scan like you want.

If you want a more known player thats not a direct vendor and would be a decent ally to have if the poo hits the fan and you need something else from em (such as incident response), consider TrustWave, though they lean in a PCI direction as an organization. If you don't have any credit card or PCI concerns at all, there are probably cheaper solutions: