- Ensure any user input is parsed/cleaned so that it can't be used for things such as SQL injection attacks. This includes any AJAX requests where the user input can be stored in the query string. In fact, anything passed into the app from the query string should be validated/cleaned in this manner.
- Do you use any passwords? If so, use SSL to stop any packet sniffing, and hash your passwords in your database with a salt.
- A quick Google dug up this which looks pretty good: www.securityfocus.com
- Some tips on securing user input: www.dagondesign.com
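As an added example (not code from the original post or the linked sites), here is a small user store that demonstrates the two technical points above together: a lookup that builds SQL by string formatting, beside the same lookup done with a parameterized query, and password storage using a per-user random salt with a slow key-derivation function (PBKDF2-HMAC-SHA256 from the standard library). The table name, column names, demo users, the injection payload and the iteration count are all assumptions made for this demo.

```python
"""Added example: parameterized SQL vs. string-built SQL, plus salted password
hashing. Standard library only; runs against an in-memory SQLite database.
Schema, demo users and the iteration count are assumptions for this demo."""
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional, Tuple

# Assumption for the demo: kept low so it runs quickly. Production guidance
# for PBKDF2-HMAC-SHA256 is several hundred thousand iterations or more.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is generated if none is given,
    so two users with the same password get different digests."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def open_store() -> sqlite3.Connection:
    """Create the demo users table (schema is an assumption for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB NOT NULL, digest BLOB NOT NULL)"
    )
    return conn


def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    """Store only the salt and the derived digest, never the password itself."""
    salt, digest = hash_password(password)
    conn.execute(
        "INSERT INTO users (username, salt, digest) VALUES (?, ?, ?)",
        (username, salt, digest),
    )
    conn.commit()


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    """DO NOT USE: the input is spliced into the SQL text, so a value such as
    ' OR 1=1 -- turns the WHERE clause into a tautology and comments out the rest."""
    query = f"SELECT username FROM users WHERE username = '{username}' ORDER BY username"
    return [row[0] for row in conn.execute(query)]


def find_user(conn: sqlite3.Connection, username: str) -> List[str]:
    """Parameterized version: the driver sends the value separately from the SQL,
    so quotes and comment markers in the input are just characters to match."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? ORDER BY username", (username,)
    )
    return [row[0] for row in rows]


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized lookup followed by a salted-hash check."""
    row = conn.execute(
        "SELECT salt, digest FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0], row[1])


def demo() -> dict:
    """Constructed demo data: two users and one classic injection payload."""
    conn = open_store()
    register(conn, "alice", "correct horse battery staple")
    register(conn, "bob", "hunter2")
    payload = "' OR 1=1 --"
    return {
        "vulnerable_lookup": sorted(find_user_vulnerable(conn, payload)),  # every user leaks
        "parameterized_lookup": find_user(conn, payload),                 # nothing matches
        "login_ok": login(conn, "alice", "correct horse battery staple"),
        "login_wrong_password": login(conn, "alice", "hunter2"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the pairing is that parameterized queries remove the need to guess which characters are "dangerous" for a given database: the value is never interpreted as SQL at all. The password side stores a random salt per user next to a PBKDF2 digest, so a leaked table cannot be attacked with a single precomputed table and an equal-password pair does not reveal itself.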