Entries tagged with ''

OWASP Testing Guide V2

The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source. OWASP has released the Security Testing Guide v2. At 270 pages, this guide is already a must-have for most developers and penetration/application testers, but we want to take it one [...]

Automated Scanner vs. The OWASP Top Ten

An interesting article on automated vulnerability scanners and the limitations of these tools in finding real-life web application vulnerabilities.

Penetration Testing Frameworks

A good framework is a great resource for any pentester. Here are some of the best I found:

The mindmap written by Toggmeister (a.k.a. Kev Orrey) & Lee J Lawson: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

OISSG: http://www.oissg.org/

OSSTMM: http://www.isecom.org/osstmm/

OWASP: http://www.owasp.org
