There are big huge work in ahead of Web Application Security. Please check with some security Books.
Some web Application identified Vulnerabilities are:
• Input Validation
• Authentication
• Authorization
• Configuration Management
• Sensitive Data
• Session Management
• Cryptography
• Parameter Manipulation
• Exception Management
• Auditing and Logging
Please read more about these points. If required then let me know. We deals in Web Application Security.