Top 10 security vulnerabilities by OWASP
A1 Injection (PHP include, global variables, Sql Injection through Url) A2 Broken authentication (To avoid broken authentication put into practice not leaving the login page for admins publicly accessible. Rename /wp-admin/ on WordPress to something else. Rename /admin in Magento to something else) A3 Sensitive data exposure (arp spoofing resulting traffic sniffing, stealing auth passwords, […]