PicklePickle

Good points and thanks for the input guys. I can't hire anyone with no money and for a free site. Everything is mine--right in my own house and self-coded. I'm really looking for someone who may already be familiar with ASP.Net membership who might at least know of some good pointers on known issues. I have searched the issue, but it's like a rabbit hole. Nothing is truly secure as the term is more concept than anything and can constantly be redefined by new exploits. I guess if anyone has at least any experience with their own .net membership based site being hacked/jacked or generally misused, I would appreciate hearing that type of thing. I am just very wary about any kind of security surrounding Microsoft technologies--especially web technologies designed to protect user data. MS has a history of making certain things "easy" at the cost of very obvious vulnerabilities and I just don't want to be overlooking anything obvious. I understand people not wanting to make that kind of information public too, for embarrassment or just to reduce future targeting.

I was recently thinking of ways to find out what vulnerabilities might exist on a website I recently created, but it's a free website and I don't have any money (because I spend it all on tech stuff!) Then it hit me that since I've been watching Hak5 for years I thought I would ask if there is anyone out there interested in doing some ethical hacking to see if they can identify any vulnerabilities. It is a website based on ASP.Net 4 Framework using ASP.Net membership services. I'm not really looking for DoS attacks, because it's just a single server and I know it wouldn't take much to take it down. I'm more interested in knowing what methods a person could come up with to: 1) access another user's account/profile 2) modify system/site data without logging in 3) modify system/site data while logged in, but things that *shouldn't* be able to be changed I am also asking that any volunteers not actually destroy the server/site but simply reveal any discovered flaws so that I can fix them and protect users. If anyone is interested, please let me know via PM/email.