Hi!

I've been curious for a while now about Penetration Testing, but I can't seem to find much info about it aside from why you should do it, what your goals should be, etc.

What I want to know is info like what tools to use (preferably free as I can't afford to purchase right now), where to get them and what to do with them.
Why I'm asking now is because I've just started a web hosting company and I'd like to make sure my clients websites aren't going to be compromised because of negligence on my part.

I want to conduct the test from my Windows 7 system. I guess many black hats would probably be using unix environments, but I suppose the result would be the same...

Hmmm

Thanks for the quick reply Don, but I was looking more along the lines of downloadable white papers I can have a look at.

I'll get the books, sure, but right now I can't fit it into my budget (business has been slow /cry).

I'm pretty supportive of Open Source and I've got to wonder... I can find a tutorial that claims to be able to teach me Python in 10 minutes... Now if I can find something that could teach me something I could write malicious software (not that I'm bored enough for that) in that easily, why can't I find something that'll teach me how to defend myself against it just as quickly?

Books are great, and there are these giant warehouses of them that will let you take them for free. They might not have the exact book you're looking for (especially in Computer Security), but they tend to be able to share between the other warehouses.

Not trying to sound degrading. I know what it's like to want to read on a tight budget, and have spent a lot of time at the library.

A quick overview would be Hacking for Dummies. It's not a bad book really. You might be able to track down a copy at the library. It might be a older version, but it'll give you a start.