There are some good tools you can use for security testing of web applications. I am briefing some of the tools I have worked on:
1) Burp Suite (Proxy) -
This is a really good proxy with minimal configuration that sits between your browser and application. It is used for intercepting your requests and observing what data you are passing to the application. This tool is very helpful in testing your application against attacks such as XSS, SQL injection, session hijacking and many more.
Thank you Tejas. Great info!!
Now that I have got information on security testing tools, I want to know what security tests can also be done manually. The site which you have mentioned has got vast information. I'm very new to security testing. I have no clue where to start and what the basics are that I have to know. It would be good if you can let me know.
I have been working in this security testing field for quite some time now. As per my experience, the site that I have mentioned (www.owasp.org) is the best point to start with. Immense knowledge about the various security threats and how to test them is given in a very simple-to-understand form.
Security testing is a vast field and you need to put in a lot of effort initially. So I would suggest you start googling about the various web vulnerabilities that exist and that can be exploited.
I suggest you gather some information about vulnerabilities such as:
1) XSS attacks
2) Injection Flaws (SQL Injection)
3) CSRF attacks
4) Session Hijacking
5) Insecure URL Access
These are just a few topics you can very well start with. Once you get an idea of these, you can dig in some more topics.
As far as test cases are concerned, it will depend on the complexity of your application and its functionality.
So just take help from the site I mentioned, and as you know, Google is the best friend. So enjoy security testing...