Where can I find a web-project "security checklist?"

I'd say you should find plenty of information on the OWASP website on the matter of vulnerabilities in web applications, and information on how to help make yours more secure.

(But there is so much to say about that subject that you might actually get "more" information than you'd first like...)


Check out this link "Seven habits for writing secure PHP applications":

http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html

The IBM articles are always very useful, thanks.

PS: also this "Recommended PHP reading list"

http://www.ibm.com/developerworks/opensource/library/os-php-read/#security


I think there are two main categories, which should be considered:

Configuration & installation (for example): http://aymanh.com/checklist-for-securing-php-configuration

Programming (example): http://www.jemjabella.co.uk/blog/php-security-checklist

Other ideas?
