The OWASP Top 10 web security vulnerabilities are updated annually and represent the 10 vulnerabilities of greatest threat to your web application. As of 2014 they are as follows:
- Injection
- Broken Authentication and Session Management
- Cross Site Scripting
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross Site Request Forgery
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards.