I'd adhere to xXxKrisxXx's advice only if you own the server or have written permission to audit it. If it is hosted on some kind of hoster where you have only the rights to host your stuff, you might get into serious trouble otherwise.
That said, I would recommend Burp Suite
which is really great and offers dozens of useful functions.
As you stated that you have no idea on how to do something like this, you may take a look at the OWASP
project which offers many great resources and read-ups on how to do those things you are asking about. One part of it would be their Testing Guide
, where you will find many useful tips.
Additionally you may then search for some of the most common web-based attacks, such as sql injections
Depending on the project, you should also consider to hire a professional pentesting company, as those should have in-depth experience with this kind and will most probably get quite a lot more out than you could in the same time (as it seems you have no experience with this kind at this point).