Eric Knorr has an article called Guard the Application Layer at CIO Magazine. If you read it, beware--it's pretty elementary. I wish it weren't necessary to talk down to CIOs about technology, but unfortunately, that's reality. CIO Magazine knows its audience. Nevertheless, there's some good advice there, like using application scanners and application-level firewalls. There's another thing you can do as well: get an XML firewall. Probably the most important thing you can do, however, is to learn how hackers work. For that, I recommend the book How to Own the Box.