This presentation contains the list of top 10 bad practices those lead to security problems in MY opinion according to code reviews. Those practices are “eval” Function, Ignore Exception, Throw Generic Exception, Expose Sensitive Data or Debug Statement, Compare Floating Point with Normal Operator, Not validate Input, Dereference to Null Object, Not Use Parameterized Query, Hard-Coded Credentials, Back-Door or Secret Page