What are some good tools to run tests validating a Windows server Web & DB server is properly secure? Are there any tools which are comprehensive and will scan for all the popular known vulnerabilities?
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Paul Asadoorian from pauldotcom.com is the product evangelist for Nessus now, so he has quite a few good posts about using Nessus to perform these kinds of tests.
Nikto is a good tool.
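As an added illustration (not Nikto's own code or its check database), here is a small Python script showing the two kinds of checks the Nikto description above refers to: version disclosure in response headers, and the presence of files or directories that a hardened web host should not serve. The path list, the sample headers and the fake probe are constructed for this example; http_head_probe is a hypothetical helper for running the same checks against a server you own.

```python
# Added illustration (not Nikto's code) of two check classes a web server
# scanner performs: version disclosure in response headers and presence of
# files or directories a hardened host should not serve.
from http.client import HTTPConnection

# Constructed placeholder list; a real scanner carries thousands of entries.
SHOULD_NOT_BE_SERVED = ("/scripts/", "/printers/", "/test.asp", "/backup.zip")

# Constructed sample response headers, as an unhardened host might return
# them (header names lower-cased for lookup).
SAMPLE_HEADERS = {
    "server": "Microsoft-IIS/6.0",
    "x-powered-by": "ASP.NET",
    "x-aspnet-version": "2.0.50727",
}


def check_banner(headers):
    """Flag headers that leak a product version (any digit in the value).
    'headers' is a dict keyed by lower-case header name."""
    findings = []
    for name in ("server", "x-powered-by", "x-aspnet-version"):
        value = headers.get(name)
        if value and any(ch.isdigit() for ch in value):
            findings.append(f"{name} discloses version: {value}")
    return findings


def check_paths(probe, paths=SHOULD_NOT_BE_SERVED):
    """probe(path) returns an HTTP status code; any path answering 200 is
    reported. Injecting 'probe' keeps the logic testable offline."""
    return [path for path in paths if probe(path) == 200]


def run_checks(headers, probe):
    """Combine both checks into one report dict."""
    return {
        "version_disclosure": check_banner(headers),
        "exposed_paths": check_paths(probe),
    }


def http_head_probe(host, port=80, timeout=5):
    """Hypothetical helper: build a probe that issues HEAD requests to a
    server you administer, for validating its hardening."""
    def probe(path):
        conn = HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("HEAD", path)
            return conn.getresponse().status
        finally:
            conn.close()
    return probe


if __name__ == "__main__":
    # Offline demonstration with a constructed probe that pretends only
    # /test.asp exists; swap in http_head_probe("your-host") for a live run.
    fake_probe = lambda path: 200 if path == "/test.asp" else 404
    report = run_checks(SAMPLE_HEADERS, fake_probe)
    for kind, items in report.items():
        print(kind, items)
```

The point of the example is the shape of the work, not the check list: a real scanner's value lies in the size and freshness of its database of files and version-specific problems, which is why the answer above stresses that Nikto's scan items are updated frequently.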
Tools that will scan for these types of vulnerabilities:
A newish tool for Web Application testing is Cenzic Hailstorm. It's quite extensive and will do a thorough job.
Nessus will also work quite well. You might want to read the Nessus Web App Testing PDF Guide and Security Testing with Nessus.