One of my favorite tools to use on a Web Application Penetration Test is Burp Suite from Portswigger. The following is a step-by-step Burp Suite Tutorial. I will demnonstrate how to properly configure and utilize many of Burp’s features. After reading, you should be able to perform a thorough web application penetration test. This will be the first in a two-part article series.
more here..........http://www.pentestgeek.com/2014/07/02/burp-suite-tutorial-1/
more here..........http://www.pentestgeek.com/2014/07/02/burp-suite-tutorial-1/