While not an exhaustive article on securing web applications, the four steps shown here will get you pretty far along in building a secure web application.
One of the first steps you should take to secure your web application is to use HTTPS. For those of you who think it is too hard, too expensive, or too compute intensive, hopefully I can convince you otherwise.
So why would we want to use HTTPS? The number one reason is to keep people and devices from viewing or modifying the content being sent and received. Without a secure connection, anyone on the path between the browser and the server can read or alter the traffic, and a great many attacks depend on exactly that. Not using HTTPS is foolhardy.
So how would you get up and running with HTTPS without shelling out a lot of money? Let me introduce you to StartSSL. StartSSL offers free Class 1 certificates that you can use to implement HTTPS on your site. While their UI is a bit clunky and cumbersome to work with, the fact that you can get a valid certificate for free is well worth it. (Note: major browsers have since removed trust in StartSSL/StartCom certificates, so a free certificate today has to come from a CA that browsers still trust.)