I printed out my Asana task list of web app security testing,hopefully you’ll find it useful. OWASP 10 are the starting points of web testing, followed by other not so common issues.
Comments inside my task list are more helpful(provide various attack scenario and test cases) but Asana don’t export comments while printing, maybe I’ll write a proper short guide explaining all the points in future. Stay tuned on my twitter for further updates.
Here is the PDF of Security task list