Yes i have been searching around i see that being certified is like going to college, many graduates that are smart, but many that know less than a hobo with some experience.

Something actually just came up as i sat and stressed, i realized my cousins best friend does security at a big bank (either manager or physically does the work), they have been best friend for 20 years, he makes real deal money so has no need to steal from little me etc, and he can be trusted. I will call him later and try to get him onboard and hopefully it will be cost efficient. My goal is not even making the security extremely tight right now but i think it would be ridiculous and naive of launching without having a "expert" look at it and either say... hey your screwed, but good luck, or its not that bad just do X.Y, and Z.

Ive built a pretty complex and dynamic site in PHP so im sure there are issues. I had someone review it and said its not bad really at all... he got too busy flying around consulting, i just couldent take the down time... but i think this otherguy will really work out because he will care as if its his own not someone bidding on elance.

I also know someone working at cisco systems, hes a big guy there, he has to know someone who can do this who is good and i can trust, ill reach out to him as well. Googling my way out of this problem obviously isnt happening, time to get away from the computer to solve a computer problem if that makes any sense? Time to use that thing, a pone or phone i think it called.

i agree with this, but i can not find a local guy or anywhere for that matter in which i trust. Problem is its really holding back my launch, and i must get some people there first (like groupon getting businesses to the website first). So i am just trying to figure out the fastest way of doing this and ofcoarse without paying some external 10k to try to hack the site.

You say not "NOT certified ethical hacker" can you tell me why, im guessing they are not good enough p.s. im in NY about 25 mins from manhattan, where would you guys go or how would you pick up an ethical hacker if you knew nothing about it with. Again please its really holding my launch up.

My situation is this. I outsourced a fairly large project. We have just finished up and im sure there are security holes all over the place. I actually had someone run some software and found minor mysql injections issues.

My question is this. From a subjective view (im not technical) what would be the best/smartest way to have someone who knows hacking review my code and give me instructions on fixes.

Currently i have

-ran software (that guy was good but got busy and bailed on me)

-posted some jobs on elance (about 2-3 highly reviewed people bid but still not sure if its the smartest route.

-finally there is a good college nearby with a really good computer science department. Tomorrow i plan on driving there and trying to get an undergrad to start reviewing code.

I would like to hear some feedback, from a non technical standpoint, knowing what you all know, what is the best strategy to securing my website up. Over 500 hour project so far, so pretty big. I noticed when it was too late they are using some GET and POST variables where most likely they shouldn't be. So again, id appreciate the feedback.