Regardless of which platform or database system you are running, the number one threat to most websites is SQL injection.
Of course, if you are a .NET developer, using parameterized stored procedures will in most cases protect you from this.
However, knowing how SQL Injections work is never a bad idea, and will help you understand some of the basics needed to write secure code.
This article shows how an injection attack takes form and why it works. Interesting and recommended reading.
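
Why parameterized stored procedures protect you "in most cases" rather than always, shown as an added example that is not taken from the linked article: a procedure that concatenates its parameter into dynamic SQL remains injectable even when .NET passes the value as a typed parameter. The table `dbo.Users` and the three procedure names are hypothetical, and the syntax is T-SQL (SQL Server).

```sql
-- Added example; dbo.Users and all procedure names are hypothetical.
CREATE TABLE dbo.Users (
    Id       INT IDENTITY PRIMARY KEY,
    UserName NVARCHAR(50)  NOT NULL,
    Email    NVARCHAR(100) NOT NULL
);
GO

-- Weak: the caller passes a real parameter, but the procedure pastes it into
-- a string and executes that string, so the value is parsed as SQL text.
CREATE PROCEDURE dbo.FindUser_Dynamic @UserName NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, UserName, Email FROM dbo.Users WHERE UserName = '''
        + @UserName + N'''';
    EXEC (@sql);
END
GO

-- Hardened: a static statement. @UserName is bound as data and never parsed.
CREATE PROCEDURE dbo.FindUser_Static @UserName NVARCHAR(50)
AS
BEGIN
    SELECT Id, UserName, Email FROM dbo.Users WHERE UserName = @UserName;
END
GO

-- Hardened when dynamic SQL is unavoidable: keep the placeholder inside the
-- string and bind the value through sp_executesql.
CREATE PROCEDURE dbo.FindUser_SafeDynamic @UserName NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, UserName, Email FROM dbo.Users WHERE UserName = @name';
    EXEC sys.sp_executesql @sql, N'@name NVARCHAR(50)', @name = @UserName;
END
GO

-- Constructed rows and a constructed input containing a single quote.
INSERT INTO dbo.Users (UserName, Email)
VALUES (N'alice', N'alice@example.test'), (N'bob', N'bob@example.test');

DECLARE @input NVARCHAR(50) = N''' OR ''1''=''1';
-- Here the quote in @input closes the string literal and the OR clause
-- becomes part of the WHERE condition.
EXEC dbo.FindUser_Dynamic     @UserName = @input;
-- Here @input is compared, as a whole, against the UserName column.
EXEC dbo.FindUser_Static      @UserName = @input;
EXEC dbo.FindUser_SafeDynamic @UserName = @input;
```

When reviewing a code base, stored procedures that contain `EXEC (` or `sp_executesql` with string concatenation are the ones to read first.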