There are various of security tools. If I were you I'd download system called BackTrack - www.backtrack-linux.org which has plenty of them. You can test almost everything, including sociotechnics, security of application, security of server, security of network etc. every kind of "security" has its own tools. There is one good software that tests website against security called SET more on http://www.backtrack-linux.org/backtrack/social-engineering-toolkit-training/
If you want test WEB sites you should check this video http://vimeo.com/21631598
There are plenty of tools to scan websites you will get them when you download the system I've given you link above.
There is one more powerful tool to use -> http://www.metasploit.com/ you can read more about it on this site.
Hope I've helped
XSS scripts, for example:
<SCRIPT SRC=http://x.com/xss.js></SCRIPT>
Check input field is validated on client side as well as on server side
Make sure that encryption is always enabled, using Fiddler or other similar tools
SQL-injection, for example:
xxx') OR 1 = 1 -- ]
Check strange characters such as “<>/;,!” can not are cut or handled securely
Check characters limitation
