You are missing fundamentals like the Seven Deadly Sins of Web Security. Also missing is the ninja threat model.
These are the things that will wipe you out.