See common categories here.
And, what's way more important, recently the OWASP guys updated their Top 10; check it out.