Test it like you are a hacker, and set the system up to listen for hackers. Run some typical injection commands through the user interface. Be sure all user entered information is filtered/checked in...