This document provides a summary of best practices for developing and deploying secure web applications. It outlines a hierarchical view of application security with three levels: single transactions, session security, and full application security. Guidelines are presented for each level to help developers implement authentication, authorization, input validation, error handling, and more to protect applications and user data.