There are some common mistakes by dev side that must be kept in mind i have compiled following few point which a tester must keep in his mind .
1. There must be strong validation when a request is submitted to server . Try to input mall ware inputs like SQL injection scripts . Mostly it is observed that we-services are not having data validation when request is submitted so it becomes prone SQL injection and other hacking techniques
2. In case you see a web service that will be used commonly and will be flooded by users never hesitate to perform a load test.
3. Ensure by inspecting code that there is none such response in which system errors are sent to end users.