Overview

Checklists are a valuable resource for development teams. They provide structure for establishing good practices and processes and are also useful during code reviews and design activities.

The checklists that follow are general lists that are categorized to follow the controls listed in the OWASP Top 10 Proactive Controls project. These checklists provide suggestions that certainly should be tailored to an individual project's requirements and environment; they are not meant to be followed in their entirety.

Probably the best starting point for a checklist is given by the Application Security Verification Standard (ASVS). The ASVS can be used to provide a framework for an initial checklist, according to the security verification level, and this initial ASVS checklist can then be expanded using the following checklist sections. An effort has also been made to migrate best practices from the OWASP Secure Coding Practices-Quick Reference Guide to the OWASP DevGuide. This checklist should contain most of the items from the quick reference guide; some, however, have been rewritten or left out to ensure this checklist is in line with modern practices.


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.