Google has a good quick guide to the more common types of hacking attacks made on typical websites.

They cover SQL injection:

SQL injection is a technique to inject a piece of malicious code in a web application, exploiting a security vulnerability at the database level to change its behavior.

Attacks on content management systems:

Many web applications are built around big communities, offering constant support and updates.

And how to spot non-obvious attacks, such as spam:

They can also exploit a site for spamming, such as by hiding links pointing to spammy resources or creating pages that redirect to malware sites.

This very site has been hacked twice, fortunately by "conscientious hackers," but keeping up to date on potential security flaws is critical. Read the whole article here.