The website is already known.
We need a pre-check of our website + administration, the
result report including a list of measures and finally another test after the measures have been done by us.
Vulnerability check includes:
Mysql injection, blind mysql injection, reflective and stored xss, remote/local file inclusion, js injection, cookie stealing, files/folders that are accessible by public but shouldn't be because of important content(like passwords, source code and similar), configuration of various software that is installed on websites because if some parameters are wrongly configured and/or default they may provide attacker with further access to parts of the website, php issues like php argument injection and similar. I will however check if anything else is out of order, error in code somewhere which further leads to minor vulnerability as well and pretty much anything else that may come up or if I find anything suspicious enough considering I know php coding.