Vulnerabilities

Validating Data
Making sure you're getting what you think you're getting

Preventing Cross-Site Scripting
Don't let one user run client-side code on another user's browser.

Preventing Command Injection
Don't let a malicious user monkey around with your database or filesystem.