1. If you use user authentication, make sure you check for it on the request page!
2. Check for SQL injections.
4. Keep the business logic on the server!
5. Don't assume every request is real!
6. Check the data with validation!
7. Look at the request's header information and make sure it is correct.
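
The checklist above applied to a single server-side request handler, as an added example that is not part of the original list. The endpoint, session store, origin value and `notes` table are constructed for illustration.

```python
import re
import sqlite3

ALLOWED_ORIGIN = "https://app.example.test"   # assumed origin of the site's own pages
SESSIONS = {"tok-alice": "alice"}             # constructed server-side session store
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def make_db():
    # Constructed sample data so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("alice", "a1"), ("bob", "b1")])
    return db

def handle_notes_request(db, headers, cookies, params):
    """Return (status, payload) for a request to a hypothetical notes endpoint."""
    # Item 7: header values must match what the site's own script sends.
    # Non-browser clients can forge headers, so this never replaces the checks below.
    if headers.get("Origin") != ALLOWED_ORIGIN:
        return 403, "bad origin"
    if headers.get("Content-Type") != "application/json":
        return 415, "bad content type"
    # Item 1: authenticate on the request endpoint itself, not only on the page.
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return 401, "not logged in"
    # Items 5 and 6: the request may be hand-crafted, so validate every field.
    owner = params.get("owner")
    if not isinstance(owner, str) or not USERNAME_RE.fullmatch(owner):
        return 400, "invalid owner"
    # Item 4: the access rule is enforced on the server, whatever the client did.
    if owner != user:
        return 403, "forbidden"
    # Item 2: parameterized query; the value is never concatenated into SQL.
    rows = db.execute("SELECT body FROM notes WHERE owner = ?",
                      (owner,)).fetchall()
    return 200, [r[0] for r in rows]
```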