How did you learn about security in your web development?

Question

I've been developing intranet web sites and public web sites with no big issues concerning security. There were nothing to steal and nothing to gain. Nothing to attract people to try to reach the website behind the scene. I don't talk about login & password but more about the security against user attacks.

So, what's the best way to learn to secure the access to a site, to learn about common mistakes or weakness to think about ? Do I have to find a framework related to the language I use and rely on it or is there a source (book, website, ...) where I can find information about general design and tricks ?