I found this earlier this morning and figured I'd share a link. It has an overview of some web server hacking methods. It's worth a quick read. A story on an UK newspaper website about the recent hacking of some British news site linked to it.
Nice and very practical.
If anyone wants to get educated on web application vulnerabilities you can find a lot of information in OWASP:
Thanks for the links, eldad. Does anyone have more security resources for us to look at?