1. Keeping all software, including operating systems and content management systems, fully updated is essential for website security. Updates help patch vulnerabilities that hackers exploit. 2. SQL injection attacks occur when malicious code is inserted into database queries via web forms or URLs. These can be prevented through parameterized queries. 3. Cross-site scripting happens when attackers insert JavaScript or other scripts into web forms to run malicious code. Form inputs should be encoded or stripped of HTML to prevent XSS attacks.