How to Check whether your website is secure or not?

Microsoft Internet Explorer displays the lock icon in the lower-right of the browser window
Many SSL Certificate vendors (Verisign, GeoTrust, SSL.com, etc.) also provide a "site seal" to the owners of these web sites.

One of the easiest way to know if the web page is secure or not is to notice the padlock at the bottom right hand side of the web page. Once you notice that it means that the page is secure.

Another way is to check if the URL begins with, "https" rather than http.

Yes, first visual tests are the padlock and secured protocol (https).
But for thoroughness security testing is your game plan. You can and should tell the interviewer about security testing. If he asks you tell him you have done low-level SQL injections - easiest tutorial at: http://www.securiteam.com/securityreviews/5DP0N1P76E.html

At the top of your internet browser , Check if this website address starts with "http://" or whether it starts with "https://".if the page does start with https:// then the website is in a secure area Look for a padlock somewhere in your internet browser. If there is no padlock on the browser somewhere then the page could be unsecure.

If the browser does have a padlock, then it means that the website is secure. NOTE: The padlock is not shown on the website page (as this means absolutely nothing), rather the padlock that youre looking for is somewhere on the browser.Click on the yellow padlock or key icon for an additional check on the level of security.

These icons represent a certificate of authenticity for a website.When you click on the icon, it should display more information about the websites encryption and authentication information. You can click on View Certificates to see more information about the website and whether it matches with the address being used. Their are two protocols that secure a website - "SSL" (Secure Sockets Layer) and "TLS" (Transport Layer Security). Both of these protocols encrypt information between pages so that if information is "intercepted" by an unauthorized party, the encrypted data is meaningless and useless unless they know have to decrypt the information.

By using SSL or TLS, only the intended recipient has the encryption "key" and can successfully decrypt the information passed to it. SSL and TLS use third party companies such as Comodo, VeriSign or GeoTrust to validate that the website is genuine, provide the encryption and decryption abilities.

Web Security testing is a very vast topic. There are different levels in it. Fore e.g. DB testing , Protocol testing, Penetration testing, etc.

Simple answer- We should see to it that our data is passed with encryption.
- Better use Post method rather than Get for form submission.
- The site has SSL encryption