Today, more and more application development is moving onto the Web. In fact, entire productivity suites, including Google Drive, email, storage, digital credit cards, photos and more are housed there. Despite major growth in this area, the application layer remains the hardest to defend, as Web app vulnerabilities often depend on complex and hard-to-define user input scenarios. This layer is also inherently the most exposed to the outside world, because the application must be reachable over HTTP or HTTPS by design, which increases its risk of attack. Recent IBM X-Force research found that SQL Injection, an application-layer attack, was responsible for 8.1 percent of all data breaches in 2014.

To defend against these attacks, developers must understand how they work and build applications with software defenses designed in from the start. To support this, the Open Web Application Security Project (OWASP) has put together a list of the ten most common application attacks. Based on information from the IBM Security Ethical Hacking team, eWEEK examines, in descending order, which application attacks tend to occur with the greatest frequency and severity.

Application Security – Top Ten Attack Methods in 2015

#1: Injection Attacks
#2: Broken Authentication and Session Management
#3: Cross-Site Scripting
#4: Insecure Direct Object References
#5: Security Misconfiguration (non-secure server settings)
#6: Sensitive Data Exposure (no encryption)
#7: Missing Function Level Access Control
#8: Cross-Site Request Forgery
#9: Using Components With Known Vulnerabilities
#10: Unvalidated Redirects and Forwards
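The article singles out SQL Injection (#1 above) as the attack behind 8.1 percent of 2014 breaches, but does not show what the underlying coding mistake looks like. The following example is added here for illustration and is not code from eWEEK, IBM or OWASP. It builds a constructed in-memory SQLite user table, shows the vulnerable pattern (user input spliced into the SQL string) beside the hardened pattern (parameterized query), and runs the same login attempt through both so the difference is observable. The table, the user record and the `demo()` helper are assumptions made for this example; the plaintext password column is a simplification only (a real system stores password hashes, which is item #6 on the list).

```python
import sqlite3


def make_db():
    """Constructed sample database: one user, in memory, for demonstration only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password kept only to keep the example short; never do this in production.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable pattern: the query text is assembled from untrusted input.

    Anything the caller types becomes part of the SQL statement, so a quote
    character in the input changes the meaning of the WHERE clause.
    """
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Hardened pattern: placeholders keep the statement and the data separate.

    The driver passes the values to the engine as parameters, so they are only
    ever compared as strings and can never alter the statement's structure.
    """
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    """Run a legitimate login and a tautology-style input through both versions.

    Returns a dict so the outcomes can be inspected or asserted on.
    """
    conn = make_db()
    tautology = "' OR '1'='1"  # constructed input containing a quote character
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "legit_parameterized": login_parameterized(conn, "alice", "correct horse"),
        "tautology_vulnerable": login_vulnerable(conn, "alice", tautology),
        "tautology_parameterized": login_parameterized(conn, "alice", tautology),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {'login accepted' if outcome else 'login rejected'}")
```

Run the file directly to see both versions accept the correct credentials, while only the string-built query also accepts the malformed input. The practical defense that follows from this is the one OWASP recommends for the whole injection category: treat every query as a fixed statement with bound parameters (or an ORM that does the same), and review code for any place where request data is concatenated into SQL, LDAP, OS command or similar strings.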