webdudek - 4:16 pm on May 27, 2008 (gmt 0)

all input should be sanitized and verified

The thing is, most website use software that wasn't developed in house.
WordPress is a good example, it is installed on so many websites, and there is no way for you as a webmaster to sanitize the code and make sure it is safe. Every now and then a new vulnerability is discovered and if you don't scan it on a regular basis, there is no way for you to know about it before it is too late.
If you run your own code, then safe programming is the answer.
If someone else wrote it, Vulnerability Scanning System can help.