Tools, tools, tools.
Maltego GUI is off-the-freaking-chain. Check it out at http://www.paterva.com/web2/maltego/maltego-gui-1.0-download.html
Also, the folks at Security Compass have released some new firefox plugins which should aid in detecting SQL injection and XSS. I’m between gigs, but will give these a good test drive the next time I’m tasked with a web application.
If one doesn’t already exist, I’d like an open source “Reporting Framework”. A metasploit for power reporters. I spend at least 10% of my consulting hours on reporting. I hate reporting. Feed this tool your reports and get back a standard report in the template of your choosing. All cross-referencing with CVE, CVSS, BID, NIST, etc. should be automagic. Relevant references should be automatically inserted (links to patches, standards, etc.). There should even be an option for uploading screen shots which are tagged to an IP/FQDN and service…
Enjoy the Holiday of your choosing,