OWASP A4 and A2: Broken Applications