In general, testing the security is a good idea. However, I strongly discourage putting your website on some hacking forum. You never know if they tell you everything they find, if they just pull all your valuable data and not actually tell anything, and so on. Also, they usually want an incentive to actually do that for you, too...
The best course of action is to use trusted connections, like your brother, but also do risk management. What kind of controls are in place against hacking and what kind of weaknesses do they have? How bad would be your losses if someone hacks you? How much money are you willing to spend to improve security? Etc.
There are professional pen testers, who will happily give you an extensive analysis about attack vectors, security problems and weaknesses on your website. They do cost several thousand $, though, so you better have the need for them.
While it is important to shield your website, it is unlikely in most small cases, that someone puts in all they have to hack you, so why pour money and time into mitigating such attacks? Most of the time, it's user mistakes, bots and rarely script kiddies. Team Hashnode has to fear me reversing their API and website ( 😈 haha), but that's all there is.
If you want to do this purely for learning, I recommend creating a fake product. Create a completely new website, leave out anything pointing to you or your accounts or your company. Create new accounts at a neutral hosting solution. Then put the whole thing up and in that case, you may also go for shady forums and ask them to try their worst. You may put some BTC into a fake account in your project, so they have a goal to actually look for. Giving them a goal is more realistic and gives you control over what they will likely dissect.