WE USE OWASP TOP TEN APPROACHES:

Injection

Insecure direct object references

Security misconfiguration

Broken authentication and session management

Sensitive data exposure

Cross-Site Request Forgery(CSRF)

Missing function level access control

Cross Site Scripting(XSS)

Using non-vulnerable components

Invalidated redirects and forwards