The Open Web Application Security Project® (OWASP) is a organization that works to improve the security of software.
They provide many resources that can help you implementing a web application the right way and reduce the security risks. Many of them as caused by bad implementations done by engineers.
In 2021 they published a new Top 10 Web Application Security Risks at https://owasp.org/www-project-top-ten/ with some shifts and scope changes resulting in some ups and downs in the list. Here is the brief list of 2021 that shows that it matters what and how engineers do implement:
Also to mention the API Security Top 10 from 2019 https://owasp.org/www-project-api-security/.
This material is a MUST for Web Application and Web Service engineers to be read (and understood).
As the source of this information is available in GitHub you may find all Cheat Sheets there at https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets.