w3af - Web Application Penetration Testing

w3af (Web Application audit and attack framework) is a framework for auditing and exploiting  web applications.  These are some excellent articles on using w3af to help with your web application penetration testing tasks.  

• Walkthrough and tutorial – Part 1
• w3af walkthrough and tutorial part 2 – Discovery and Audit plugins
• w3af Walkthrough and Tutorial

In addition you can also find a list of 35 Web Penetration Tools used for Web Application Vulnerability Testing listed here on Back2Hack