w3af (Web Application audit and attack framework) is a framework for auditing and exploiting web applications. These are some excellent articles on using w3af to help with your web application penetration testing tasks.
- Walkthrough and tutorial – Part 1
- w3af walkthrough and tutorial part 2 – Discovery and Audit plugins
- w3af Walkthrough and Tutorial
In addition you can also find a list of 35 Web Penetration Tools used for Web Application Vulnerability Testing listed here on Back2Hack