If you have recently completed a web project, consider reviewing your work for weaknesses and vulnerabilities.
The CWE Top 25 at http://cwe.mitre.org/top25/ helps a lot in exploring them.
It covers:
1 CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
2 CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
3 CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
4 CWE-352: Cross-Site Request Forgery (CSRF)
5 CWE-285: Improper Access Control (Authorization)
6 CWE-807: Reliance on Untrusted Inputs in a Security Decision
7 CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
8 CWE-434: Unrestricted Upload of File with Dangerous Type
9 CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
10 CWE-311: Missing Encryption of Sensitive Data
11 CWE-798: Use of Hard-coded Credentials
12 CWE-805: Buffer Access with Incorrect Length Value
13 CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP File Inclusion’)
14 CWE-129: Improper Validation of Array Index
15 CWE-754: Improper Check for Unusual or Exceptional Conditions
16 CWE-209: Information Exposure Through an Error Message
17 CWE-190: Integer Overflow or Wraparound
18 CWE-131: Incorrect Calculation of Buffer Size
19 CWE-306: Missing Authentication for Critical Function
20 CWE-494: Download of Code Without Integrity Check
21 CWE-732: Incorrect Permission Assignment for Critical Resource
22 CWE-770: Allocation of Resources Without Limits or Throttling
23 CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
24 CWE-327: Use of a Broken or Risky Cryptographic Algorithm
25 CWE-362: Race Condition