If you are referring to a site that you own, I recommend checking out the Samurai Web Testing Framework. This is...
a live CD that has the absolute best open source Web-testing tools. It is free, and all of the tools are compiled and ready to go.
Once you get the environment up and running, I recommend looking at w3af, a Web application attack and audit framework, and the Burp suite of tools, an integrated platform for testing Web apps. These tools check your applications for vulnerabilities like cross-site scripting, SQL injection and command injection.
Dig Deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)
Related Q&A from John Strand, featured expert
Expert John Strand reviews how to spot input validation flaws on your websites.continue reading
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign.continue reading
Expert John Strand reveals two exciting trends in antivirus software.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.