potential client

I am working for a company that is thinking of switching to HostGator to host our web site. I am really new at this type of thing and am only changing because the one hosting the site is an ex employee and becoming more disgruntled. The company needs to take back control of the site, except I was hired as an assistant, not the manager of the web site. I am computer friendly and want to learn, but I also want to make sure about the security of the site for the company and our customers.

Have any of you used www.scanalert.com to check your site? Is it legit? It is supposed to check for any security holes or in roads that hackers could be able to get customer information through. I don't want to give them the OK to scan the site if they are merely looking for a way to get in.

Also, I need to know, or I think I need to know how to get SSL on parts of the site that have confidential information. I say, "I think," because I know we have SSL, I'm just not sure how. If I switch from the hosting service now, is that just something on cPanel? How much should SSL security cost? How do I get it? I'm probably going to have to consult with the ex-employee/creator of the site to get some info, but I would like to have most of it straight so he doesn't "pull the plug" before we can get switched over.

Any help is greatly appreciated.

Thanks,

candb

[MachineDog]

Okay, it'll cost you about 70 dollars for an SSL Certificate. Basically, all data will be encrypted using the private key on the server, sent out to the browser, then the browser takes the public key that the server displays to decrypt the data. This secures it. =D As for scanalert, I wouldn't try anything really that is not within the company, most likely it is infact just looking for holes in your site to sell to hackers.

[EDIT]
Oh and data sent from the client in forms would be encrypted using the public key then would need the private key which is only on the server and no one can see but the server itself to be decrypted.