Fortunately my company and boss know better than to trust me with actually implementing application security testing. I was just asked to find some resources and tools for further investigation by somebody who does in fact know what they're doing. Any advice for tools or resources--particular probing/fuzzing tools which you have a good experience with? It looks like OWASP has some good information, but from what I gather they don't make recommendations for enterprise solutions to avoid influence from corporate sponsors.