Ever gone through your code and discover stray or strange SQL code? Then you have been infiltrated by malware, injecting it with code that is meant to do anything they wish. Security can be improved by preventing such SQL injections, Executable files, users modifying parameters and unsecured stored passwords, all of these make for bad code and eventually failed security
One way is to prevent executable files from being uploaded for execution. Parameters that are sensitive should be filtered properly ensuring only legit ones are accepted. Ant attribute that you think can make or break down security, make it un-editable by using proper parameters.