Talking to Bryan Sullivan on the SDL team last week, I came to know about a cool new security testing tool - "Watcher". This is a plugin to the web debugging proxy Fiddler and checks for more than 35 different vulnerabilities. Yes, it's free!!
This new plugin can be downloaded from http://websecuritytool.codeplex.com/. Be sure to install Fiddler before you install Watcher. For more details on the tool - Read this blog post.
Happy bug hunting!!

Anmol Malhotra