Does anyone know of a program (preferably online) that I can point at my website and test it for SQL injections, XSS attacks, anti-automated input, session hijacking, ect?
An application will not be able to catch all so it’s much better checking this yourself. Having an application doing a full site sqli/xss scan with all vectors will take ages.
If you are using parameterized queries and escaping all data in templates/views there should be no problems.
SQLi: look for queries with variables in them, and remove the variables as they are a security risk.
For searches you could use Acunetix or Nessus, or any of the other tools made for this. You’ll find dozens on Google
Qualsys, has a free online scanner, but I never used it…