Troy Hunt wrote a great series on the OWASP top 10 for developers. This series is a few years old, but still completely relevant since the OWASP top 10 has remained the same for a while.
OWASP is an organization that tracks most common web vulnerabilities and gives guidance for writing secure applications. They have released the New Top 10. Unfortunately, it is not that much different than the old top 10. Does this mean that most web developers don’t know about the most common security risks?
Read more here