SSL e TLS
http://www.howstuffworks.com/encryption4.htm
Nikto
http://www.cirt.net/nikto2
Nessus
http://www.tenable.com/products/nessus
QualysGuard
http://www.qualys.com/enterprises/qualysguard/
OSVDB
http://www.osvdb.org/
Metasploit
http://www.rapid7.com/products/metasploit/
Wireshark
http://www.wireshark.org/
dsniff
http://www.monkey.org/~dugsong/dsniff/
Hydra
http://www.thc.org/thc-hydra/
CAPTCHA
http://www.tecmundo.com.br/curiosidade/2861-o-que-e-captcha-.htm
CSRF
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
sqlmap
http://sqlmap.org/
SQL Wildcards
http://www.w3schools.com/sql/sql_wildcards.asp
AJAX
http://codigofonte.uol.com.br/artigos/ajax-asynchronous-javascript-and-xml
Testing Guide v3
https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
Comando Script
http://www.vivaolinux.com.br/dica/O-comando-script