WE USE OWASP TOP TEN APPROACHES:
Injection
Insecure direct object references
Security misconfiguration
Broken authentication and session management
Sensitive data exposure
Cross-Site Request Forgery (CSRF)
Missing function level access control
Cross-Site Scripting (XSS)
Using non-vulnerable components
Unvalidated redirects and forwards