So, to answer your question: You’ll never reach 100% security. It’s just not possible. However as they say that SQL Injection was used to hack the RIAA website, this was a classical web application flaw. While I can’t describe all the programming errors one might make to introduce a vulnerability, what I can do is point you to the OWASP Guide, which is a comprehensive guide on how to build secure web applications. I can really recommend to read it, if you want to know more about web application security.

Best Regards,
Cyberphob1a