The Open Web Application Security Project (OWASP) is a not-for-profit group that helps organizations develop, purchase, and maintain software applications that can be trusted. Use this companion checklist for Section 4 of the OWASP Web Application Security Testing framework. Intended as record for audits.
How often should this be used?
Ad hoc on new application deployment or major infrastructure change.