In a list of common coding mistakes that affect security, SQL injection still ranks number 1. Some of the techniques we use to prevent these attacks are:
- using persistence layers such as Linq2SQL or Hibernate
- replacing direct string construction of SQL queries with prepared statements, or with stored procedures that take parameters
- validating parameters on both the client side and the server side (client-side checks alone can be bypassed)
- running the code with the lowest privileges needed to accomplish the task.
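As an added illustration of the second and third points (not code from the original page), the snippet below puts a string-concatenated query next to its prepared-statement replacement and a validated variant, using a constructed in-memory SQLite table; the table, row values and the `[a-z0-9_]` username rule are assumptions for the demo.

```python
import re
import sqlite3

# Constructed sample data (assumption): three users, one of them an admin.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]
# Assumed server-side rule for acceptable usernames; adjust to the real application.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, name):
    # Direct query construction: the input is spliced into the SQL text, so the
    # database parses it as part of the statement rather than as a value.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    # Prepared statement: the value travels separately from the SQL text and
    # can never change the statement's structure.
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def find_user_hardened(conn, name):
    # Defence in depth: server-side validation in front of the prepared statement.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return find_user_safe(conn, name)


def demo():
    """Run both lookups with a benign and a constructed tautology input."""
    conn = make_db()
    benign = "bob"
    hostile = "x' OR '1'='1"  # constructed test input: closes the quote, adds a tautology
    return {
        "vuln_benign": find_user_vulnerable(conn, benign),    # [('bob', 'user')]
        "vuln_hostile": find_user_vulnerable(conn, hostile),  # every row in the table
        "safe_benign": find_user_safe(conn, benign),          # [('bob', 'user')]
        "safe_hostile": find_user_safe(conn, hostile),        # [] (no such literal name)
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable lookup returns the whole table for the tautology input while the prepared statement returns nothing, and the hardened variant rejects the input before it reaches the database at all.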
Other common mistakes are:
- OS Command injection
- Classic buffer overflow
- Cross-site scripting, and
- Missing Authentication for Critical Function
The full list can be found at: http://cwe.mitre.org/top25/