Many attacks on Web-based applications rely on the attacker's ability to feed programs unexpected input from parameters, an that is very often passed in the URL string.
The first line of defense is having well-written Web applications that validate inputs and protect themselves against attack; that's pretty obvious.
If you are responsible for Web applications, get to know the Open Web Application Security Project (www.owasp.org) which has excellent information on URL attacks and the best practices you can apply to protect against them.
Next, get to know inCompass technologies by NetSTAR. The seemingly simple task of checking the known categorization (both inbound and outbound) can act as an application layer firewall. Your firewall lets port 80 and 443 traffic pass, but what's checking on the reputation of traffic going in and out and it's destination?
An OEM solution capable is categorizing URL in real-time (at the same time a URL is requested) helps secure your reputation, and URL categorization, it's all we do as a company. Request an evaluation for your product, service, or solution.