Sure you could do this doublecheck yourself, but I would recommend outsourcing that task to a vendor who can perform the web application security testing, give you a report, and maybe assist with remediation. If you want to make a go of it yourself, take a look at this list of potential software products that you can pick from:
I was going to say Qualys before I saw it was on this list, but the truth is you have a lot of options from Apache mod_security (see modsecurity.org) to simply getting on your coders to use more secure coding techniques.
Microsoft has a pretty good writeup for ASP .NET and web app security.
To study up further on this topic, checkout the Open Web Application Security Project (see owasp.org), and the Web Application Security Consortium (see webappsec.org). Curious to see more posts from you describing what you've learned. Thanks!