Website security field has exploded in the recent years, the complexity of the code and the architecture of these sites are so developed that the term "web application" is more appropriate.
Here I will not repeat what you can learn on the OWASP web site that you SHOULD read if you are interested into web security, but you will find other personal researches and code example that can help you to improve the security of your webapp.