Most of the security is handled by the host provider. If you are hosting it on your own, you have a lot of work to do.
On the flip side, as a developer there are many things that you can do to help reduce your site "attack surface".
One of the biggest and (IMHO) most important things: SANITIZE USER INPUT.
Don't just assume that all users are going to be benign and enter correct data - there are SQL injection attacks and cross-site scripting (XSS) attacks that are usually mitigated by sanitizing (stripping out certain things) user input.
Also, using parameterized queries helps reduce the risk of SQL injection. I'm not sure how that's done in languages like ASP or PHP; but ColdFusion/Railo/Blue Dragon makes it very simple: [cfqueryparam tag. (There's also [URL="http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7d52.html"]cfprocparam](http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7f6f.html), if you're using stored procedures.)