"Testing" IMO could be either auditing of code , or auditing of products. Both have in common you'll not be looking for *security* but for the *absence* of security loopholes. After all security isn't a static thing.
Auditing code is sposed to be hard work (I'm bad at that) and needs a lotta eyes and knowledge. As an admin you can try to read the code or actively screen to be compiled code for possible loopholes with Flawfinder.
Get passive protection by compiling with/using Libsafe or Stackguard against memory leaks, buffer overflows (see also OpenWall, Lomac, RSBAC, LIDS, GRSecurity or Lcap). On Wintendo, well, on wintendo you get minesweeper :-]
Auditing products IIRC, roughly breaks in two parts: vulnerability assesment and penetration tests.
A part of a vulnerability assesment could be to get version names of possible exploitable running daemons. You'll find a lot of tools like Nessus, Vetescan or Whisker on securityfocus.com,
www.insecure.org/tools.html, or the COAST archives at
ftp://coast.cs.purdue.edu/pub/. If you're on the box, it could also include using for instance TCT, to strip stuff off of an HD ppl think unrecoverable, or trying to find out if apps will have race conditions or predictable /tmp files or can be killed by using large variables etc, etc.
A part of a penetration test could be to actually use an exploit, like from
www.securiteam.com, to test vulnerable Sshd, Apache, Lpd/rsh/rpc etc, etc, hping/firewalker to see what a firewall will let tru, netcat to see if you're able to get a payload out to get other hosts infected without the host noticing (I mean, we watch what's coming in, but do we watch what's going out?), brute-forcing smb's, try to change registry keys/acl's, trying to strace some app (some apps won't like this), try to load adore w/o the system knowing to hide processes, tho the last few examples verge more on the access restrictions (ie misconfiguration) than trying to break an app/box by flaws in code or features.
Flaws could be like corruption of the stack due to being able to insert pointers to your executable code (I mean buffer overflows), DoSsing an app by feeding it many connections, like trying to overflow ip_conntrack's /proc table, or simply make it crash by feeding it too much data.
Except for being able to connect a W32 Nessus client to a Nessusd running on *nix, there's not a lot of free W32 tools I can think of except for Stealth vulnerability scanner, netcat or Nmap. Maybe Technotronic or Packetstorm will reveal some. (If you find some good ones, post it back, ok). So, after using l33t Minesweeper on Wintendo, you can *buy* ISS, L0phtcrack or Bindview :-]
Or go directly to the expoits section, because with IIS, terminal server, VB, Java, MIME, OLE and whatnot this shouldn't be hard...
If you're on Linux my suggestion for a minimal toolkit, next to having an inquisitive mind, knowledge of programming languages and tenacity, would be, hexedit, Perl (to feed 1K zero's as arg), netcat, Nmap, Tcpdump, Nessus, ISIC/Hunt/Rain, gdb, strace, strings, and lots of patience.
HTH somehow...
) would never make up statistics.
