- XSS scripts, for example: <SCRIPT SRC=http://x.com/xss.js></SCRIPT>
- Check that the input field is validated on the client side as well as on the server side
- Using Fiddler or a similar tool, make sure that encryption is always enabled
- SQL injection, for example: xxx') OR 1 = 1 -- ]
- Check that strange characters such as “<>/;,!” cannot be entered, are cut, or are handled securely
- Check the character limit
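One way to turn the checks above into a repeatable server-side test, as an added example that is not part of the original checklist: it runs the checklist's own SQL-injection and XSS strings through a concatenated query, a parameterized query, output encoding and a length check. The `users` table, `MAX_LEN` and all function names are assumptions made for the illustration.

```python
import html
import sqlite3

MAX_LEN = 64  # assumed character limit for the field (not from the page)
# Payloads quoted from the checklist above; the users table is constructed.
XSS = "<SCRIPT SRC=http://x.com/xss.js></SCRIPT>"
SQLI = "xxx') OR 1 = 1 -- ]"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db


def lookup_concatenated(db, name):
    # Weak form: the input becomes part of the SQL text.
    sql = "SELECT name FROM users WHERE (name = '" + name + "')"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, name):
    # Hardened form: the input is bound as data and never parsed as SQL.
    sql = "SELECT name FROM users WHERE (name = ?)"
    return db.execute(sql, (name,)).fetchall()


def accept(value):
    # Server-side length check, enforced even if the client already checked.
    return len(value) <= MAX_LEN


def render(value):
    # Output encoding: <, >, & and quotes become entities before reaching HTML.
    return "<p>" + html.escape(value, quote=True) + "</p>"


def run_checklist():
    db = make_db()
    return {
        "sqli_concatenated_rows": len(lookup_concatenated(db, SQLI)),
        "sqli_parameterized_rows": len(lookup_parameterized(db, SQLI)),
        "xss_rendered": render(XSS),
        "over_limit_accepted": accept("a" * (MAX_LEN + 1)),
    }


if __name__ == "__main__":
    print(run_checklist())
```

A field passes when the parameterized lookup returns no rows for the injection string, the rendered output contains no literal `<SCRIPT`, and the over-length value is refused.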