I am in late testing phase of my web application. The application will be tested at a larger scale now.
During this time I want to test my website against various types of known penetration tools.
I am aware that it will be better to let a professional handle this subject, and this will be happening. But before I take that route I want to do all I can to make the application so secure as possible, so that when the pro does his work, he does not come back with a large list of things I could have done before hiring him.
I am not looking for advanced methods of breaking in to a system. Just some hints on known attacks other than the OWASP vulnerabilities.
My system is nginx,apache,php,mysql on Linux CentOS.