wahooga.com

A report on life in Technical Support for a software company

Dave Mellors

MS Anti-Cross Site Scripting Library 1.5 Available

It is still quite hard to believe how many web "designers" and "developers" implement sites that are vulnerable to SQL injection and Cross Site Scripting (XSS). Joel Spolsky blogged the other day about this problem in his "What's a SQL injection bug?" entry and Michael Sutton has found that 11.3% of web applications have SQL injection vulnerabilities. Worryingly, Michael Sutton also claims that 21.5% of web applications have XSS vulnerabilities.

I suspect that many sites out there are using versions of web applications that are not current and where these vulnerabilities have not been fixed. If you are using a web application developed by someone else then please check the following sites:-

Whilst you're there you should probably subscribe to the mailing lists to be informed of new vulnerabilities as they are discovered.

If you're developing your own applications then please look at the Microsoft Anti-Cross Site Scripting library as it could save you a lot of time and effort.

Of course your site might be small and you might think it contains no data that would make it interesting to hackers. Whilst this may be true, ignore the problems and you could find your server participating in a BotNet or worse.

About Dave Mellors

I work for Red Gate Software in Cambridge, UK as part of the technical services team. This is my personal blog and so carries my own personal views which could vary from the views and opinions of my employer. I am passionate about IT and would like to change the way that people think about the IT industry and the people that work in it. Particularly those who work in the support teams.
Copyright 2007 Dave Mellors