Open Web Application Security Project: "Secure Coding Principles"

Read this page.