Variable injection

SQL injection

Input filtering

Output escaping

Security by obscurity

Fix the rights

Configuration

Cookies and Sessions