Look at OWASP Top 10 for year 2017 and 2013 showing list of top 10 vulnerabilities in web application.
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2013
Assuming OWASP would do their next survey in 2021, you need to briefly discuss what would be the top three vulnerabilities in web applications based on the results from 2017 and 2013. Explain why you think that way with the source of your information.