The OWASP Top 10 List
Understanding the risks and how to remedy them
OWASP actively maintains a running list of the most critical security risks to web applications.
Use the OWASP Top 10 as a guide to build secure code and minimize the risk of:
Injection
Broken authentication
Sensitive data exposure
XML external entities
Broken access control
Security misconfiguration
Cross-site scripting
Insecure deserialization
Using components with known vulnerabilities
Insufficient logging & monitoring