There are various of security tools. If I were you I'd download system called BackTrack - www.backtrack-linux.org which has plenty of them. You can test almost everything, including sociotechnics, security of application, security of server, security of network etc. every kind of "security" has its own tools. There is one good software that tests website against security called SET more on http://www.backtrack-linux.org/backtrack/social-engineering-toolkit-training/ If you want test WEB sites you should check this video http://vimeo.com/21631598 There are plenty of tools to scan websites you will get them when you download the system I've given you link above. There is one more powerful tool to use -> http://www.metasploit.com/ you can read more about it on this site. Hope I've helped