Hackers either know more than me, or have more time than me. This will always be the case, so I'm curious about what tools or resources people use to test their stuff, either automatically or manually.
At the application level, make sure you're secured against the most common security problems like XSS, SQL injection, and CSRF, and that you're using the recommended hashing/encryption library for your language. For testing, you can use any number of scanning services like skipfish, do manual testing using Burp Suite, or automate security tests with Gauntlt. More important is to follow basic server security. If you're running your server yourself, run some basic hardening scripts and then make sure to apply security updates when available. Honestly, this is where PaaS shines, since they will do the server hardening for you.