We recently published "Static and dynamic testing in the software development life cycle" on the developerWorks security zone. This article has a pretty good survey of a bunch of different IBM and open source security testing tools. The article lays them out against the software development lifecycle so you can see which phase of the SDLC each one is appropriate for. Stop by and let us know your thoughts? Which tools do you rely on the most. Which ones should we add?