If you ask hackers, they will focus mostly on other web apps then your main website. It’s most likely that they will have more vulnerabilities.
Tip 1: have Google list your web apps
We recommend that you use Google search to find additional web applications. Go to www.google.com (external website) and make a search as follows. This will present at search result where all sub domains with web applications are listed, but the "www" sub domain will be excluded. Go through the list to find additional web applications.
Tip 2: try different TLDs
Do the same as above and test your domain with different TLDs like .info, .net and .org.