Cross-Site Request Forgery (CSRF)
Clickjacking
Security misconfiguration
File inclusion
SQL injection