OWASP LiveCD - contains a selection of programs to test the safety and performance audit of the code of web-applications, acts as an analog of the well-known tool for testing network security BackTrack, but specializes in the web. Last Release OWASP LiveCD was released in 2007, last summer decided to complete processing of the distribution.
The composition of OWASP LiveCD includes programs such as Httprint to determine the type http-server on circumstantial evidence, vulnerability scanners in web-applications Grendel Scan and w3af, utilities to identify opportunities to introduce SQL code SQLiX and sqlmap, means of brute force, the local proxy WebScarab , Paros Proxy, Rat Proxy and Burp Suite, Firefox c 1925 amendments to debug sites.

Thus, the very ten most dangerous threats:
A1 Injection (injection of any kind, including SQL, LDAP, etc.)
A2 Cross Site Scripting (not lost relevance XSS)
A3 Broken Authentication and Session Management (errors in the architecture of the authentication and session management)
A4 Insecure Direct Object References (unprotected resources and facilities, we can recall the case with SVN)
A5 Cross Site Request Forgery (CSRF)
A6 Security Misconfiguration (unsafe configuration of the environment, different frameworks, platforms)
A7 Failure to Restrict URL Access (unauthorized access to functionality that requires special privileges - such as bypassing the validation c using a double slash \"/\" in the URL to gain access to the management of a blog in Wordpress)
A8 Unvalidated Redirects and Forwards (open redirects, which lead to phishing, HTTP Response Splitting and XSS)
A9 Insecure Cryptographic Storage (unsafe storage of important data)
A10 Insufficient Transport Layer Protection (lack of protection for data in transit at the transport level, such as HTTP instead of HTTPS). 

http://appseclive.org/content/downloads

for lazies:
http://downall.org/software/96997-owasp-web-testing-livecd-2011.html?newsid=96997