I have to perform a pentesting on a local application, and I am looking for good tools, so I've discovered BackTrack. This distro seems to be quite complete, but the pentesting I have to perform is a bit specific, it's not a network penetration, but an applicative one, that has to be performed on a web-based application.

Are there free tools in BackTrack that would allow me to scan my application in order to find vulerabilities? I mean, XSS, broken access, etc.. I looked for Nexpose, but it seems to be a commercial non-free product.

Sorry for my english, as I'm french, and thanks for any help.