I think this is a great question for learning and I hope you get some good answers. Being the resident wet-blanket I proffer: professional web security is no place for a rookie. You will miss things and you will get things wrong. There are some decent, mostly commercial, probing/fuzzing tools but there is no way to automatically and accurately assess a site's security. A karate handbook can't teach a self-defense class and web-security program can't find/fix any but the most obvious and anticipated security issues in a website.
To actually answer some of your post: cross-language tools are fine. HTTP(S) is all both sides have to speak so the client's programming language is irrelevant.