Guidelines for web application programmers
From Security Wiki
Guidelines and Tips for Web Application Programmers
In no particular order...
Safe handling of user input. User input may not be what you expect!
Running an external program. What to watch out for when running commands in your application.