Thursday, September 1, 2011

Security Issues of Web Apps



Your web app is likely to be constantly under attack!  
Just take a look at the following list!



Common Concerns
Secure Messaging
Protection of Resources
Negotiation of Contracts
Trust Management


Common Attacks against Web Services
Reconnaissance Attacks
Dictionary Attack
Forceful Browsing Attack
Directory Traversal Attack
WSDL Scanning
Sniffing
Privilege Escalation Attempts
Format String Attacks
Exploiting Unprotected Administrator Interfaces

Attacks on Confidentiality
Registry Disclosure Attacks

Attacks on Integrity
Parameter Tampering
Coercive Parsing
Schema Poisoning
Spoofing of UDDI/ebXML messages
Principal Spoofing
Routing Detours
External Entity Attack
Canonicalization
Intelligent Tampering
Impersonation

DoS Attacks
Flooding Attacks
Recursive Payloads sent to XML Parsers
Buffer overflow exploits
Race Conditions
Symlink Attacks
Memory Leak Exploitation
Command Injection
SQL Injection
XML injection

Malicious Code Attacks

URL String Attacks
Parameter Tampering
Cross-site Scripting
Session Hijacking
Malformed Content
Logic Bombs, Trapdoors/Backdoors




Reference:
Sangwan S. and Sangwan YS. (2010)  "Designing a Frame Work for Web Application Information Security Architecture".  International Journal of Electronics Engineering 2(2):337-380
