Automated Scanner vs. The OWASP Top Ten
An interesting article on automated vulnerability scanners and the limitations of these tools in finding real-life web application vulnerabilities.
A very good resource on wardialers: http://www.wyae.de/software/paw/
A good framework is a great resource for any pentester. Here are some of the best I found:
The mindmap written by Toggmeister (a.k.a. Kev Orrey) & Lee J Lawson: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
OISSG: http://www.oissg.org/
OSSTMM: http://www.isecom.org/osstmm/
OWASP: http://www.owasp.org
The following column was published on SecurityFocus today:
PHP apps: Security’s Low-Hanging Fruit, by Kelly Martin, published 2007-01-08
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here’s how PHP coding errors have become the new low-hanging fruit for attackers, contributing [...]