Most web hosting these days is still shared hosting, with hundreds of users on one server. ... So, attack your application as a malicious user would. Use skipfish to attack your app, and Nmap to scan your server.
This is slightly problematic advice. There's a significant chance your shared hosting provider won't appreciate this sort of behavior. At a minimum, it violates pretty much every AUP I've ever read. To make matters worse, certain kinds of attempts to gain access qualify as serious crimes in most jurisdictions, even if the intent is non-malicious.
Get permission before running penetration tests on shared servers. If security really matters to you, don't host on anything less than a VPS. Those are cheap these days.
This is slightly problematic advice. There's a significant chance your shared hosting provider won't appreciate this sort of behavior. At a minimum, it violates pretty much every AUP I've ever read. To make matters worse, certain kinds of attempts to gain access qualify as serious crimes in most jurisdictions, even if the intent is non-malicious.
Get permission before running penetration tests on shared servers. If security really matters to you, don't host on anything less than a VPS. Those are cheap these days.