Security is a huge subject. As Bernhard pointed out, what makes sense for you to guard against depends a great deal on what your application does, how it is accessible, and who can access it. Authentication is a first step; encryption or using SSL is an easy one as well.
You might want to read up on subjects like SQL injection, parameter validation and cross-site scripting vulnerabilities as well.
This site is a good start for further research.