Web application security flaws need to be known by the testers, as security is moving from the realm of "non-functional" testing to "functional testing" and the risks of poor security are often too high to ignore.
1. Unvalidated Input.
2. Broken Access Control.
3. Broken Authentication and Session Management.
4. Cross Site Scripting.
5. Buffer Overflow.
6. Injection Flaws.
7. Improper Error Handling.
8. Insecure Storage.
9. Application Denial of Service.
10. Insecure Configuration Management.
______ JAY _______