One of my favorite talks at Win-Dev
was Dominick's "Improving Application Security through Penetration Testing". Pick up his slide deck here
. There are a lot of great tools listed -- some I have used, and some that were new to me. This is a great resource to have.