As this is being posted, I will be just finishing up my session at IT DevConnections on Website Fuzziness. This talk is how to hack your own website to discover potential flaws and vulnerabilities before someone else does.
As promised, here are the resources for the tools that I showed during this talk
These sites can be loaded locally or attacked without permission. You can use them as reference to test your scanners and also to demonstrate to people what should not be done in production systems
The following tools are designed to find cracks in your defenses. Use wisely and do not use against sites that you do not have permission to attack.