- Logic problems that facilitate manipulation of the application
- Session management weaknesses related to cookies and session IDs that allow for privilege escalation
- Accounts with weak passwords
- Login mechanism weaknesses that permit unauthorized access - especially within home-grown multi-factor authentication systems
- Login credentials and other sensitive information left behind in the Web browser cache/history files
In addition, don't forget to consider vulnerabilities at the server level, such as running unnecessary services, missing patches, running SSL version 2, and weak encryption ciphers for your SSL certificates.
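One way to check for the SSL version 2 and weak-cipher items above, as an added example that is not part of the original response: a small audit over protocol and cipher pairs exported from whatever scanner you use. The `endpoint protocol cipher` input format, the hostnames, and the marker list are assumptions of this example.

```python
import re

# The page names SSL version 2; treating SSLv3, TLSv1.0 and TLSv1.1 as
# obsolete too is an assumption of this example.
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Components of OpenSSL-style cipher names that mark a weak suite (example's own list).
WEAK_CIPHER_MARKERS = {
    "NULL": "no encryption",
    "EXP": "export-grade key length",
    "RC4": "RC4 stream cipher",
    "DES": "DES or 3DES block cipher",
    "MD5": "MD5 message authentication",
    "ADH": "anonymous key exchange",
}

# Constructed sample: one "endpoint protocol cipher" triple per line.
SAMPLE_SCAN = """\
app.example.test:443 SSLv2 DES-CBC3-MD5
app.example.test:443 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
app.example.test:443 TLSv1.2 RC4-SHA
admin.example.test:8443 TLSv1.2 EXP-RC4-MD5
admin.example.test:8443 TLSv1.3 TLS_AES_256_GCM_SHA384
"""

def audit(scan_text):
    """Return (endpoint, protocol, cipher, reasons) for each weak entry."""
    findings = []
    for raw in scan_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # allow comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"malformed line: {raw!r}")
        endpoint, protocol, cipher = parts
        reasons = []
        if protocol in OBSOLETE_PROTOCOLS:
            reasons.append(f"obsolete protocol {protocol}")
        # Compare whole name components rather than substrings.
        tokens = re.split(r"[-_]", cipher.upper())
        reasons += [why for mark, why in WEAK_CIPHER_MARKERS.items() if mark in tokens]
        if reasons:
            findings.append((endpoint, protocol, cipher, reasons))
    return findings

if __name__ == "__main__":
    for endpoint, protocol, cipher, reasons in audit(SAMPLE_SCAN):
        print(f"{endpoint} {protocol} {cipher}: {', '.join(reasons)}")
```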
Your approach to this shows that you take application security seriously, so you're halfway there. Keeping a sharp eye out for all the less common issues will help you take your application testing to a new level. This is good for business and good for your career! If you still have questions and concerns about application security outside of what I included in my expert response, I recommend checking out some of the resources below.
More information on application security
Quick attacks for Web security, penetration testing and SQL advisory
Are you in need of penetration testing but are on a strict budget? Expert Matt Heusser provides tips and tricks to get your software application live and without issues.
Network security: Analyze your hosts and ports with nmap, Nessus, and netcat
Application expert explains security tool options like nmap, Nessus and netcat to make your software applications safe and secure.