Tuesday, December 28, 2010

More Complex Security in Webpages

Websites are getting much more complex, and the ways people attack them are both complex and simple. Some of the most basic oversights can lead to very complex attacks.

SQL Injection
This is one of the simplest to prevent, but it can easily be overlooked and lead to extensive damage to your website. An SQL injection is when a user types into a form things they are not supposed to and instead submits SQL queries. For instance, if you have a form that accepts a person's name and inserts it into a table of names, a user might instead type in something like "; DELETE * FROM names". If your input isn't validated and escaped, this might run on your database and delete all the names. This can easily be fixed by validating your input and escaping your variables in your SQL query.

Brute-force attack
A brute force attack isn't very complicated at all; it's fairly simple. In this attack an attacker will repeatedly attempt to get into your site with a computer algorithm until they can do something on your site. For instance, if they know johndoe@noreply.com is the username, they might try a database of passwords over and over until they are successful. The same approach works against anything else that accepts repeated guesses. This can be mitigated by checking how often a given user submits.

The CMS issue
This is a new issue I am starting to run into more and more often with newer websites using widely used content management systems, such as Drupal. Attackers are starting to notice it is easy to find sites like this and attack them because they are all the same and consistent. I have found that attackers search for things like "node" when using Drupal. Once they have a list of sites, assuming the owner has the default install, they might be able to post several comments because there is no captcha or any other interface to catch this. This same procedure can be used across the board for several different CMSs.

DoS Attack - Denial of Service
A denial of service attack is when an attacker repeatedly does a procedure that causes your server to lock up. For instance, this might be as simple as submitting a form repeatedly forever, thus causing no one else to be able to use your site. There are several reasons why people will do this, from grudges to stopping your site from running because of competition issues. This can be stopped by monitoring how often a user submits forms or uses other services on your site.
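Both the brute-force and the denial-of-service sections above come down to the same control: counting how often a given key (a username for login attempts, a client address for form posts) submits and refusing once it exceeds a threshold. The sliding-window limiter below is an added example written for this post, not code from the original; the class name, the `FakeClock` helper and the limits of 5 attempts per 60 seconds are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class SubmissionRateLimiter:
    """Sliding-window limiter: allow at most `max_events` per `window_seconds`
    for each key (assumed keys: username for logins, client IP for form posts)."""

    def __init__(self, max_events, window_seconds, clock=time.monotonic):
        self.max_events = max_events
        self.window = window_seconds
        self.clock = clock                   # injectable so tests are deterministic
        self._events = defaultdict(deque)    # key -> timestamps of recent submissions

    def allow(self, key):
        """Return True if this submission is within the limit, False if it should
        be refused (and logged for review)."""
        now = self.clock()
        recent = self._events[key]
        # forget submissions that have aged out of the window
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_events:
            return False                     # over the limit: refuse, do not record
        recent.append(now)
        return True


class FakeClock:
    """Constructed clock for the demo: advances only when told to."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate_password_guessing(username, guesses, limit=5, window=60, clock=None):
    """Run `guesses` rapid login attempts against one username and return
    (accepted, refused) counts. Only `limit` attempts get through per window,
    so a password list of thousands of entries is slowed to a crawl."""
    limiter = SubmissionRateLimiter(limit, window, clock or FakeClock())
    results = [limiter.allow(username) for _ in range(guesses)]
    return results.count(True), results.count(False)
```

Keying login limits by username alone lets an attacker lock a real user out by guessing on purpose, so in practice combine a per-username limit with a per-client-address one and prefer slowing responses to hard lockouts.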

Of course this is not an exhaustive list of security attacks, but hopefully it will get you started on some complex security issues that you may encounter. Be careful and make sure you think about what an attacker may do. Make sure you create backups of your data, in addition to hashing all important information so it is more difficult for an attacker to use.