If you are referring to a site that you own, I recommend checking out the Samurai Web Testing Framework. This is...
a live CD that has the absolute best open source Web-testing tools. It is free, and all of the tools are compiled and ready to go.
Once you get the environment up and running, I recommend looking at w3af, a Web application attack and audit framework, and the Burp suite of tools, an integrated platform for testing Web apps. These tools check your applications for vulnerabilities like cross-site scripting, SQL injection and command injection.
Dig Deeper on Application attacks (buffer overflows, cross-site scripting)
Related Q&A from John Strand
Expert John Strand reveals two exciting trends in antivirus software. Continue Reading
Some people believe that if IP addresses from China are attacking their network, then they are under attack from China. Expert John Strand explains ... Continue Reading
In this expert response, Michael Cobb explains how to detect the many rootkits available to today's attackers. Continue Reading