Got this from a mailing list – the top 8 security threats in Web 2.0 applications.
1. Insufficient Authentication Controls
2. Cross Site Scripting (XSS)
3. Cross Site Request Forgery (CSRF)
5. Information Leakage
6. Injection Flaws
7. Information Integrity
8. Insufficient Anti-automation
Get the full details here. What do you think? In my case, #2 and #6 are the two major challenges in my environment.