In a (rather large) attempt to bring more security to online applications, Microsoft has released this PDF file with some general rules and practices that might be a good idea.

This download contains guidelines for architecting, designing, building, reviewing, and configuring secure to build hack resilient ASP.NET Web applications across the application tiers, technology, and servers. Topics include Threats and Countermeasures; Threat Modeling; security review for architecture, design, code and deployment; Hosting web applications; CAS; securing web, application and database servers; ASP.NET, Enterprise Services (COM+), Web Services, Remoting, and data access (including ADO.NET and SQL Server).

Of course, this document is more .NET/ASP centric, but the principles are still the same in any language, and it's worth a glance (but not a read through it's 96 pages).

Thanks to PHPEverywhere for the pointer...