Hi,

I'm new to this forum and I would like to offer my experience with protecting your website from being hacked by web application attacks such as Sql injection, cross site scripting and many more attacks.
A few webmasters that I allready spoke to got hacked by web site defacement, sql injection and the famous asprox silent defacement attacks.
There are some attacks that you will not notice on the front end on your website but in the database its a different story.
Feel free to ask questions,

Tom

A starter summary:

Keep your server and apps updated.
Review your logs.
Research & probe for vulnerabilities constantly.
Avoid poorly written code.
Use functions like php's mysql_real_escape_string().
Pray.