Injection attacks top the 2010 OWASP Top 10 list of Web application security threats, including SQL, OS, and LDAP injection. The list is considered a release candidate that will be published in its final form in 2010. Cross-site scripting (XSS), broken authentication and session management, security misconfiguration, failure to restrict URL access, unvalidated redirects and forwards, insecure cryptographic storage, and insufficient transport layer protection are among the top 10 threats.
Source: https://threatpost.com/owasp-con-begets-top-10-threats-list-111609/73106/