The OWASP Zed Attack Proxy (ZAP) is "an easy to use integrated penetration testing tool for finding vulnerabilities in web applications." The technology is comparable to IBM AppScan and HP WebInspect, but it is free, open source, and maintained by OWASP volunteers. The project has seen a tremendous amount of development lately. Learn about the tool and what it can do for you, and optionally bring your laptop to follow along as we use it to test some (purposefully insecure) web applications.
Ben Walther is a security engineer with a background in consulting and teaching for Symantec, Cigital, and within higher education. He is the co-author of the Web Security Testing Cookbook and an active contributor to OWASP projects.