Is worrying about XSS,CSRF,sql injection, cookie stealing enough to cover web-security?

Question

Web applications on uncompromised computers are vulnerable to XSS,CRSF,sql injection attacks and cookie stealing in unsecure wifi environments.

To prevent those security

Answer 1

This is the definitive guide to web attacks. Also, I would recommend you use Metasploit against your web app.