One of my favorite talks at
Win-Dev was Dominick's "Improving Application Security through Penetration Testing". Pick up his slide deck
here. There are a lot of great tools listed -- some I have used, and some that were new to me. This is a great resource to have.