
Had this SO link saved since probably soon after it was asked 7 years ago. Still relevant and still being updated.

http://stackoverflow.com/questions/549/the-definitive-guide-...

Includes:

- How to log in

- How to remain logged in

- Managing cookies (including recommended settings)

- SSL/HTTPS encryption

- How to store passwords

- Using secret questions

- Forgotten username/password functionality

- Use of nonces to prevent cross-site request forgeries

..........

And much much more.




Thank you for sharing! I'd just like to add my fav resource on webdev security: "OWASP Developer Guide Reboot".

https://github.com/OWASP/DevGuide

It's the updated version of their classic web security guide. All of the updates happen on GitHub in the open, and they also accept patches. Chapters 3 and up are really great.


Shameless plug: although it's not a secure development practice, it is a security practice to scan your application regularly. For that you should run tools like "brakeman" for Ruby on Rails, for example, but you should also run dynamic tests using a free service like https://gauntlet.io -- and you should scan regularly because scans get updated and may find new bugs. That's a good practice.


The quote at the beginning of the SO question you linked to, one of the top-25 questions of all time, is so ironic given the current state of SO:

> We believe that Stack Overflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems.

SO is a great website, but I wonder how much more it could've been if this sort of page were allowed now.


I know what you're saying, but they're coming out with Stack Overflow Documentation: http://stackoverflow.com/tour/documentation.

Not sure whether this will be the solution that you're looking for. But if you give feedback, maybe it will happen sometime.


HIPAA compliance is a good checklist even if you don't need the certification. It covers the administrative and physical safeguards in addition to the technical ones.

Check it out: http://www.hhs.gov/hipaa/for-professionals/security/laws-reg...


I'd really like to see something like this for mobile apps as opposed to form-based web apps.



