A good starting point is & OWASP.

Also see in-transit security.

w3af: w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
The Open Web Application Security Project: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
Wfuzz: Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc.), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP, etc.), bruteforce Forms parameters (User/Password), Fuzzing, etc.
Rapid7 Nexpose: The Enterprise vulnerability scanner
Qualys: Continuous security
Wireshark: Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

metasploit: A collaboration of the open source community and Rapid7. Our penetration testing software, Metasploit, helps verify vulnerabilities and manage security assessments.
Immunity Canvas
Browser Exploitation Framework Project: BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
OpenSSL: Common commands
Kali Linux Distribution: Penetration Testing Redefined with the Kali Linux Distribution
VirtualBox: VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product

Cross Site Scripting
Stealing cookies
Set Cookies as HttpOnly
Google Hacking Database
Google Hacking Book


Our approach to security

Reward for reporting