To avoid security problems on your website, you need to keep the web applications you publish secure. Pages with insecure code can be vulnerable to various types of attack, such as XSS or SQL injection. These vulnerabilities are not related to the security of the web server itself: they are exploited through normal HTTP requests, purposely crafted to misuse the code of the web pages.
What you need to do on a regular basis to avoid this type of problem differs depending on whether you use a web application developed by third parties or one you have developed yourself.
APPLICATIONS DEVELOPED BY THIRD PARTIES
To publish your own website you can use various "ready-to-use" applications available on the internet, written in many languages and with support for different types of databases. These include forums, e-commerce, webmail, guestbooks and much more. All of these applications can contain various types of vulnerabilities which people with ill intent may take advantage of. To avoid these problems, regularly check for updated versions of the applications you are using; updates are usually available directly on the developer's home page.
Unfortunately, the latest versions of applications are not always safe. For more information on common vulnerabilities and on which versions of the applications are affected, use these two excellent websites:
If one of the applications you are using is not safe we strongly recommend that you stop using it or find a similar application which is not affected by vulnerabilities.
It’s necessary to check for available updates of the applications you are using on a regular basis. For a successful result you need to repeat the process at least once a month.
If the application you are using is no longer supported we suggest that you switch to another application of the same type which is still supported as soon as possible.
APPLICATIONS DEVELOPED BY YOU
The most important thing for applications you develop yourself is to write them so that they are not vulnerable to RFI (Remote File Inclusion), a technique which makes it possible, via the URL, to retrieve the content of a page different from the one that was meant to be loaded and to view sensitive data about the content of your website. This type of vulnerability is usually exploited with HTTP requests similar to the following:
Here index.php is your web page with the vulnerability, while malware.php is a page with malicious code published on an external server. Such requests attempt to run the remote malicious code on the server where your domain resides.
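One way to write index.php so that it cannot be used like this, as an added example that is not part of the original article: the value from the request is only ever used as a key into a fixed list of local files. The page names, the pages directory and the resolve_page function are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// The vulnerable pattern this replaces hands request input straight to include:
//     include $_GET['page'];
// Here the request can only select one of the entries below.
// Hypothetical page names and file names (assumptions for this example).
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
    'news'    => 'news.php',
];
const PAGES_DIR = __DIR__ . '/pages';

/**
 * Map the untrusted "page" parameter to a file inside PAGES_DIR.
 * Returns null for anything that is not an exact allowlist key.
 */
function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and other non-string values are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the resolved file must exist and live under PAGES_DIR.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['page'] ?? 'home');
if ($page === null) {
    // Unknown or malformed value: nothing is included.
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

As a second layer, keep allow_url_include set to Off in php.ini so that include cannot fetch code from another server even if a check like this is missed somewhere.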
It is also important to avoid SQL injection (the injection of unwanted SQL queries) against your MySQL or MSSQL database. A description of this type of vulnerability is available at: http://en.wikipedia.org/wiki/SQL_injection
On the internet there are many guides on how to write secure code in various programming languages.