by zxcdw 4907 days ago
It's sad how under "Security" there's only one very generalizing item. "Implement best practices". Right.

Is the author just ignorant, or am I a fool thinking that if anything it should be "Security" which has the most elaborate items?

3 comments

Security checklist: https://www.owasp.org/index.php/Category:OWASP_Application_S...

Lowest level 1a has 22 things to verify, highest level 4 has 121 things to verify. That's a lot of checkboxes.

Security is much more dependent on the site itself though; it's not as "general". Do you have forms? Then watch out for SQL injection. Do you have user input of any type? Watch for XSS. Admin login page? Consider HTTPS. Something like a favicon can apply to every site, not so much with security practices. The idea of just having a "security checklist" is a bit worrisome in itself. The developer in charge should be familiar with the potential dangers as they program a feature; it shouldn't be an afterthought from a checklist.
Yes, having robots and a favicon is nice, but there are few items on this list that can embarrass / kill a company like bad security can.
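As an added illustration of the SQL injection and XSS points raised in the comment above (example code written for this page, not posted by anyone in the thread), here is the vulnerable form of each beside its hardened form. The `users` table, the `nobody' OR '1'='1` payload and the `<script>` payload are constructed sample input; the example uses Python's built-in `sqlite3` and `html` modules so it runs offline.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data (not from the thread): a tiny users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, bio TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "likes <b>bold</b> claims"), ("bob", "plain bio")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Untrusted form input is pasted straight into the SQL text, so a quote
    # in the input ends the string literal and the rest becomes SQL.
    query = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Bound parameter: the value is passed to the driver separately and is
    # never parsed as SQL, whatever characters it contains.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_bio_vulnerable(bio: str) -> str:
    # User-controlled text dropped into HTML unescaped: stored XSS.
    return "<p>%s</p>" % bio


def render_bio_safe(bio: str) -> str:
    # Escape on output so <, >, &, quotes are displayed, not interpreted.
    return "<p>%s</p>" % html.escape(bio, quote=True)


def demo() -> dict:
    conn = make_db()
    sqli_payload = "nobody' OR '1'='1"   # constructed injection payload
    xss_payload = "<script>alert(1)</script>"  # constructed XSS payload
    return {
        # the injected OR clause matches every row
        "sqli_vuln": sorted(find_user_vulnerable(conn, sqli_payload)),
        # the same string as a bound parameter matches nobody
        "sqli_safe": find_user_safe(conn, sqli_payload),
        "xss_vuln": render_bio_vulnerable(xss_payload),
        "xss_safe": render_bio_safe(xss_payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The two hardened functions are the whole of the "checklist" for these two bugs, but as the comment says, the developer has to know to reach for them at the point where the form or the template is written; a later audit only finds the places that were missed.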