Firefox Web site Security Testing Plugins
I stumbled upon these Firefox plugins the other day that allow you to test websites against a set of predetermined XSS or SQL injection parameters on a given website. The tools include XSS-Me, SQL Inject-Me, and Access-Me, all designed to test the security of the website in an easy fashion:
http://www.securitycompass.com/exploitme.shtml
I thought these were pretty cool. I ran it against a corporate email website that is commonly used and was surprised by the amount of XSS that was successful. Be careful not to fiddle with Firefox while this is running because it will destroy the test. Also, Firefox 2 ate up a lot of memory while doing this, so I wouldn't run it on that 486 sitting in the corner.
Comment by Adam — 7/2/2009 at 3:49 pm
Nish & Co at Security Compass write great plugins!
There is a huge list of Firefox security testing plugins I maintain, here
https://addons.mozilla.org/en-US/firefox/collection/webappsec
I like your blog!