The Open Web Application Security Project (OWASP) has two cheat sheets that every developer needs to be aware of:

Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

and

Cross-Site Scripting (XSS) Prevention Cheat Sheet