David Fischer has compiled a well-written list of Web Application Security Tips (available in German only).