Do validate all user input
Do escape input values
Do fail Safe
Do treat sensitive security information with care
Do practice defense-in-depth
Don't provide hints to hackers
Don't add comments telling what the code does; say why the code does what it does
Do study code patterns
Do make (code) buddies
Don't just fix defects, study them
Download this checklist (PDF)
16 Mar 2006