An excellent question and top answers over at Stack Exchange Programmers – What should every programmer know about web development?
Most of us will know the majority of the points given in the answers, but a few were new to me and/or interesting, so I wanted to note them for reference:
- Redirect after a POST if that POST was successful, to prevent a refresh from submitting again
- Read The Google Browser Security Handbook
- Read The Web Application Hacker’s Handbook
- Learn how to gzip/deflate content (deflate is better)
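
The first item in the list is the Post/Redirect/Get pattern. The sketch below is an added example, not code from the Stack Exchange answers: a standard-library Python server that answers a successful POST with `303 See Other` and a failed one directly, plus a client that replays the refresh. The `/orders` paths, the `item` field, the 422 status for the failed POST and the in-memory `ORDERS` list are assumptions made for the demo.

```python
import http.client
import socketserver
import threading
from http.server import BaseHTTPRequestHandler
from urllib.parse import parse_qs

ORDERS = []  # in-memory stand-in for a database (constructed for the demo)

class Handler(BaseHTTPRequestHandler):
    def _send(self, status, body=b"", location=None):
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        item = parse_qs(self.rfile.read(length).decode()).get("item", [""])[0]
        if not item.strip():
            # Failed POST: answer directly with the error, no redirect.
            return self._send(422, b"item is required")
        ORDERS.append(item)
        # Successful POST: 303 makes the browser fetch the result with GET,
        # so a refresh repeats that GET instead of resubmitting the form.
        self._send(303, location="/orders/%d" % len(ORDERS))

    def do_GET(self):
        self._send(200, b"orders stored: %d" % len(ORDERS))

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Replay what a browser does: POST, follow the redirect, refresh."""
    ORDERS.clear()
    with socketserver.TCPServer(("127.0.0.1", 0), Handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        def request(method, path, body=None):
            conn = http.client.HTTPConnection(*server.server_address)
            conn.request(method, path, body)
            resp = conn.getresponse()
            return resp.status, resp.getheader("Location"), resp.read()
        bad = request("POST", "/orders", "item=")
        ok = request("POST", "/orders", "item=book")
        refreshed = [request("GET", ok[1]) for _ in range(2)]
        server.shutdown()
    return bad[0], ok[0], ok[1], refreshed[1][2], len(ORDERS)
```

Calling `demo()` shows that two refreshes of the redirected page leave exactly one stored order.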