It's a lot to digest, but the OWASP development guide covers website security from top to bottom.
Know about SQL injection and how to prevent it.
Never trust user input (cookies are user input too!).
Hash passwords with a salt to prevent rainbow table attacks. Use a slow hashing algorithm, such as Blowfish (time tested), for storing passwords. (How To Safely Store A Password)
Don't try to come up with your own fancy authentication system: it's such an easy thing to get wrong in subtle and untestable ways and you wouldn't even know it until after you're hacked.
Know how to resist session hijacking.
Avoid cross-site scripting (XSS).
Avoid cross-site request forgeries (XSRF).
Keep your system(s) up to date with the latest patches.
Make sure your database connection information is secured.
Keep yourself informed about the latest attack techniques and vulnerabilities affecting your platform.