OWASP - Open Web Application Security Project

OWASP - Open Web Application Security Project Top 10 

1) Injections
2) Broken authentication & session management
3) Cross-site scripting (XSS)
4) Insecure Direct Object References
5) Security Missconfigurations
6) Sensitive Data Exposure
7) Missing Functional Level Access Control
8) Cross-site request forgery (CSRF)
9) Using components with know vulnerabilities
10) Unvalidated redirects and fowards