Quality is delighting customers
Try Cheat codes, session hijacking, url manipulation, cookie poisoning etc etc...
I would suggest you to go through the OWASP testing guide. It will help you to understand the vulnerabilities in application. It is important to understand that vulnerability belongs to what like operational or functional? based on this analysis you can assign issue to proper person and which can be fixed.
OWASP is the first think you should really check. We could give you plenty of different kind of cheat sheets, but if you don't understand _why_ they are security problems, your testing and reporting is doomed.
Follow also the mailing lists and vulnerability databases at Security Focus. It gives you good idea what kind of security vulnerabilities there has been, and what kind are still very widely used.
"Vulnerability" means some kind of weakness within web apps and the main reason behind this is bug. I've shared an article on web app security and the areas you need to concern, hope that might help you. Please check the article here http://www.softwaretestingtimes.com/2014/01/Website-Security-T...
The following is an extensive library of security solutions, articles and guides that are meant to be helpful and informative resources on a range of Web vulnerability types, including, but not limited to, Cross-Site Scripting, SQL injection, CSRF injection and insufficient transport layer weaknesses. Web application vulnerabilities are some of the most common flaws leading to modern data breaches.