http://arxiv.org/PS_cache/cs/pdf/0210/0210026.pdf is an amazing paper on attack taxonomy that organizes all the known IT security attacks in the world. The defence mechanism can be very simple: Only restrict the user input and you can get away with most of the issues. Otherwise, store all the data in encoded format, and do output escaping. Such a simple solution for all security problems in the world!!