12.2 More security

We should also point out that application-level security is more than using authentication and authorization. Common vulnerabilities in web applications are Cross Site Scripting and Injection Flaws, see for example the owasp site for more information on these topics.