CLASP, Comprehensive Lightweight Application Security Process
While I was returning from a small business trip, I decided to read CLASP (Comprehensive Lightweight Application Security Process). I fired it up on my notebook and was really impressed, but I think lots of sections still need improvement.
For example, "Vulnerability View - Range & Type Errors" doesn't include lots of web application vulnerabilities like CSRF (Cross-Site Request Forgery) and many others, the checklists are really limited, etc.
CLASP describes best practices for security processes for active applications or new ones. You should definitely check it out. You can download CLASP from Secure Software.