Basic Guidelines for Secure Software

Web applications accessible to the public Internet are guaranteed to be the target of random or focused attempts at mischief or abuse, and recovering from a root compromise is always painful. At a minimum, web applications require the planned design and consistent implementation of diverse technologies based on:

Microsoft developers should also be very familiar with the .NET Secure Coding Guidelines [microsoft.com].

Developers of e-commerce applications should also be familiar with PCI Security Standards [pcisecuritystandards.org] for payment card processing. If you work in healthcare software, knowing HIPAA for Professionals [hhs.gov] is a must.