OWASP Top 10 (2017) security flaws include:
- Injection
- Broken Authentication and Session Management
- Sensitive Data Exposure
- XML External Entity (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialisation
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring