What are the common types of security vulnerabilities in web applications, and how would you mitigate them?