Tuesday, April 1, 2008

How to find security vulnerabilities in your web site

It is often said that one should build one's site as securely as possible. It is also said that one should prepare a good software design before starting to write code... Since we all know that most applications have flaws at some level, we should use tools that help us find the problems we created. This is a small list of free tools that will allow you to review your website through the eyes of an attacker:

HTTPrint - this tool gives a close estimate of the web server running the site. This gives you a good idea of how easy it is to determine, with high probability, which web server you are using. If the results make your web server obvious, you should start disguising some of the marks it leaves. For starters, get rid of the "powered by:" header in the HTTP responses...

Metasploit - once you have gathered data on the platform you want to analyze (web server type, OS, service packs, ...) you can find out which exploits can be used against that platform.

Wikto - this tool searches for well-known directories and files (a so-called dictionary attack). It will try to find all the .old or .bak files you left behind and the "install" folder you never deleted. This tool is most important for those who use open source products and for those who manage both deployment/operations and development (typical for small sites/companies).
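The same leftovers can be hunted on the deployment tree itself before an attacker's dictionary scan finds them. The following is an added example written for this post, not Wikto's code: a small Python audit that walks a web root and reports backup copies and install scaffolding. The filename patterns, directory names and the planted sample tree are assumptions chosen for the example.

```python
import os
import re
import tempfile

# Assumed patterns for editor/backup copies and install scaffolding; these are
# example choices, not a wordlist taken from Wikto or any other tool.
LEFTOVER_FILE_RE = re.compile(r"(\.(bak|old|orig|swp|tmp)$|~$|^#.*#$)", re.IGNORECASE)
LEFTOVER_DIR_NAMES = {"install", "setup", "backup", "_old", ".svn", ".git"}


def find_leftovers(webroot):
    """Return a sorted list of paths (relative to webroot, '/' separated) that a
    dictionary scan would be likely to discover. Flagged directories are reported
    once, as 'name/', and not descended into."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        for d in list(dirnames):
            if d.lower() in LEFTOVER_DIR_NAMES:
                findings.append(os.path.normpath(os.path.join(rel_dir, d)) + "/")
                dirnames.remove(d)  # the whole subtree is the finding
        for f in filenames:
            if LEFTOVER_FILE_RE.search(f):
                findings.append(os.path.normpath(os.path.join(rel_dir, f)))
    return sorted(p.replace(os.sep, "/") for p in findings)


def build_sample_webroot():
    """Construct a throwaway web root with a few planted leftovers (sample data
    made up for this example)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    layout = ["index.php", "config.php.bak", "css/site.css", "css/site.css.old",
              "install/index.php", "lib/db.php~"]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    for hit in find_leftovers(build_sample_webroot()):
        print("leftover:", hit)
```

Run it against the real document root (or the build output) as a pre-deployment step; anything it lists is a candidate for deletion before the site goes live.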

Paros - a semi-automatic site scraper that works as a proxy and lets you scan your site to find out how easy it is to discover pages you are trying to hide. You can use its manual mode to find so-called sophisticated links that are created dynamically with JavaScript.

Fiddler - also used for performance analysis; a simple client-side proxy that lets you catch requests and responses and tamper with them. You can also use the Tamper Data Firefox add-on to do most of what Fiddler lets you do. Other tools that can help you analyze the web pages themselves are Firebug, or Web Developer Helper if you want to use it with MS-CMS or MOSS 2007.

If you are helping someone else find the vulnerabilities in his site, you can also use a port scanner to find his "secure" back-office ports and so on. A good one to start with is Nmap.

If worst comes to worst and you are trying to secure a huge enterprise project with a lot of money to spend and sloppy programmers, consider using an application firewall.