Web application security fundamentals (IBM Website)

With the emergence of Web 2.0, increased information sharing through social networking and increasing business adoption of the Web as a means of doing business and delivering service, websites are often attacked directly. Hackers either seek to compromise the corporate network or the end-users accessing the website by subjecting them to drive-by downloading.
As a result, industry is paying increased attention to the security of the web applications themselves in addition to the security of the underlying computer network and operating systems.
The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection attacks which typically result from flawed coding, and failure to sanitize input to and output from the web application. These are ranked in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors.
The links to the IBM security article is below

Web application security fundamentals