The OWASP Top 10 — a list of the biggest vulnerabilities plaguing web applications — hasn’t changed much in the past 15 years.
Cross-site scripting, injections, broken access controls, broken authentication, insecure configuration, data exposure — these have all been problems that the Open Web Application Security Project has been warning us about since 2004.
As web application become the norm for software delivery, continued presence of these basic problems is an embarrassment for developers.