Sameer has posted about a list generated by CWE/SANS of what they consider to be the twenty-five most dangerous errors you can commit in your application development (PHP-related or not):
The document lists the most common and significant programming errors which can lead to serious software vulnerabilities. [...] The 25 vulnerabilities are divided into three main categories: Insecure Interaction Between Components, Risky Resource Management and Porous Defenses, details of which are listed below.
Some of the items in the list include:
- Insecure Interaction Between Components - Failure to Preserve SQL Query Structure ('SQL Injection')
- Risky Resource Management - External Control of Critical State Data
- Porous Defenses - Execution with Unnecessary Privileges
- Insecure Interaction Between Components - Cross-Site Request Forgery (CSRF)
- Porous Defenses - Use of a Broken or Risky Cryptographic Algorithm
You can see the full list here, including explanations for each.