I want to complete an analysis of the security of my websites (some of them are forums) and don't know where to begin.

Can you please recommend any good articles or books that would help me to get started? Something like a check list of what I should be checking and how I should complete the checks would be great.

I'd also be interested in hearing recommendations for any free or paid tools that could help me with this process.