A new 2013 edition of the OWASP Top 10, the Open Web Application Security Project's list of the 10 most critical web application security risks, has been published.
The OWASP Top 10 list was last updated in 2010; in this update the importance of cross-site scripting (XSS) and cross-site request forgery (CSRF) has been reduced, while risks related to broken session management and authentication have been prioritized higher.
Injection attacks (code injection, SQL injection, etc.), which were the topmost risk in 2010, have retained their position in the new list. According to OWASP, the 2013 Top Ten list (PDF) has been compiled based on half a million vulnerabilities discovered in thousands of applications from hundreds of vendors.