Software security or secure programming


GeorgeA
03-08-2007, 03:30 PM
You can have a super secure server; however, if the applications you're building on it have vulnerabilities, you are vulnerable to attacks.
Some of the most common exploits are listed over here:
en.wikipedia.org/wiki/Exploit_%28computer_security%29 (copy/paste link in browser address)
Remember to disable register_globals, validate your input, whitelist users that can modify important files and so on.
Anyone can contribute with tips on software/application security, since this is what the thread is for!

cisco-tips
12-29-2008, 02:47 PM
Sorry for bringing up an old post, but I just wanted to provide my own feedback on this thread. I started studying for the CISSP exam and one of the key points that I learned is that application security is of paramount importance. More than 85% of security flaws are located in applications. Security professionals should spend most of their effort on building secure applications rather than building up security in networks (with firewalls, IPS etc). Of course network security is very crucial as well, but what I say is that application and software protection is more important.

My two cents.

Shadowknight
01-28-2009, 11:45 AM
I ran into this issue recently with a customer where I work. He couldn't understand the fact that the server is only as secure as the scripts the customer puts onto it. We run a good, secure server, but if you put a script with security vulnerabilities, such as Joomla 1.15, onto the system, then the compromise is going to occur on the script level and not the server level. Needless to say, he was upset and ranted for over an hour about someone hacking his website due to the Joomla 1.15 security bug.

ManagerJosh
01-29-2009, 02:16 AM
I ran into this issue recently with a customer where I work. He couldn't understand the fact that the server is only as secure as the scripts the customer puts onto it. We run a good, secure server, but if you put a script with security vulnerabilities, such as Joomla 1.15, onto the system, then the compromise is going to occur on the script level and not the server level. Needless to say, he was upset and ranted for over an hour about someone hacking his website due to the Joomla 1.15 security bug.

It is as much the fault of Joomla as it is of some people who fail to update their scripts.