If you are referring to a site that you own, I recommend checking out the Samurai Web Testing Framework. This is...
a live CD that has the absolute best open source Web-testing tools. It is free, and all of the tools are compiled and ready to go.
Once you get the environment up and running, I recommend looking at w3af, a Web application attack and audit framework, and the Burp suite of tools, an integrated platform for testing Web apps. These tools check your applications for vulnerabilities like cross-site scripting, SQL injection and command injection.
Dig Deeper on Application attacks (buffer overflows, cross-site scripting)
Related Q&A from John Strand
Expert John Strand reveals an interesting way of addressing man-in-the-middle attacks. Continue Reading
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign. Continue Reading
Expert John Strand reveals two exciting trends in antivirus software. Continue Reading