Regarding web site security, you HAVE to check https://owasp.org/index.php/Main_Page "Bible" (include the project Application Security Verification Standard https://owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project)
...and I found a nice tool https://github.com/highway-to-urhell/highway-to-urhell that list all answering root URI from your web site (include it in your compilation, execute, remove the vulnerabilities, re-execute...up to it's clean then delete from your project)
Biting the hand that feeds IT
