Tony Perez recently wrote about the Web Application Attack and Audit Framework (W3AF), which is a tool you can use to scan a website for various vulnerabilities, like XSS and SQL injection. You can watch a demo to get a feel for what it does.

I think it’s a good thing to run during the testing phase, and periodically after you launch.

Note: If you’re trying to install it on Fedora, the dependent packages are all in the standard repos, but many of them are named differently that their Debian counterparts. Just do a yum search for the relevant keywords and you should be able to find them.