My favorite resource for this is : <a href="https://www.owasp.org/index.php/Main_Page" rel="nofollow">https://www.owasp.org/index.php/Main_Page</a><p>It has the major security flaws, how they secure them, and how the attack is done. However, I think the best way to secure a website is to keep one thing in mind when programming: never trust anything from the client. Thats input, cookies, anything that can be tampered with on the client side (browser in the case of the web). If you do accept anything without sanitizing or having some sort of check, then you will be hacked and something will be stolen (whether or not it is important, that depends on the domain you are working on).
See also<p>How To Use SQL Calls to Secure Your Web Site <a href="http://www.ipa.go.jp/security/vuln/documents/website_security_sql_en.pdf" rel="nofollow">http://www.ipa.go.jp/security/vuln/documents/website_securit...</a><p>Official Site <a href="http://www.ipa.go.jp/security/english/third.html" rel="nofollow">http://www.ipa.go.jp/security/english/third.html</a>