Security

Security is the capability of a system to protect its assets and to prevent unauthorized access to, or modification of, information and resources.

Common Causes:

  • Issues in authentication and authorization.
  • Damage caused by malicious input, such as SQL injection and cross-site scripting (XSS).
  • Failure to encrypt sensitive data.
  • Information disclosure and loss of sensitive data.

Points to be considered:

  • Latest OWASP guidelines.
  • Multi-factor authentication (MFA).
  • Single sign-on (SSO).
  • Principle of least privilege.
  • Transport-level and message-level security.
  • Use of tools to identify vulnerabilities in the code.
  • Tools to monitor for security issues in operation.
  • Security principles:
    • Don’t develop as admin.
    • Don’t trust any input, ever.
    • Protect against buffer overruns.
    • Protect against injections.
    • Prevent cross-origin access.
    • Don’t require super-user privileges.
    • Don’t roll your own security code.
    • Limit your attack surface.
    • Execute with least privileges.
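The two principles "don’t trust any input" and "protect against injections" come down to keeping untrusted data out of the syntax of whatever you hand it to (SQL, HTML). The following Python is an added example, not code from the original page: it builds a constructed in-memory SQLite table (the `users` table and its rows are assumptions made for the demonstration), shows a lookup that concatenates input into the query beside one that binds it as a parameter, and shows HTML output encoding as the matching defence against cross-site scripting.

```python
import html
import sqlite3


def make_db():
    """Constructed sample database: a two-column users table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable form: untrusted input becomes part of the SQL text itself."""
    query = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username):
    """Hardened form: the value travels as a bound parameter, never as SQL syntax."""
    rows = conn.execute(
        "SELECT email FROM users WHERE username = ?", (username,)
    )
    return [row[0] for row in rows]


def render_greeting(username):
    """Output encoding for an HTML context: the input can never become markup."""
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    tainted = "x' OR '1'='1"          # constructed malicious input
    print(lookup_unsafe(db, tainted))  # every row: the quote broke out of the literal
    print(lookup_safe(db, tainted))    # []: the same text is only a value
    print(render_greeting("<script>alert(1)</script>"))
```

The same rule generalizes to every interpreter the application talks to: pass data through an API that keeps it separate from code (bound parameters, an escaping function for the exact output context) rather than validating your way around string concatenation.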