I love the way Sans Security has listed the checklist of web security. It helps audit the projects security current status in any phase and identify the 30-60-90 day plan to achieve the desired destination.
I have used it in many projects and yields proven results. Highly Recommended !
The detailed list is as follows.