What are the common web application vulnerabilities in the OWASP Top 10, and how would you mitigate them?