SQL Injection, Cross Site Scripting, known exploits in server software code. Those are the big ones to start with. Once you get those holes closed you are basically just as secure as everybody else.