OWASP is your friend. Their Top Ten List of web application security vulnerabilities includes a description of each problem and how to defend against it. The site is a good resource for learning more about web application security and is a wealth of tools and and testing techniques as well.
