What steps do you generally take when auditing the security for a development project you have?

What about just the source?

Is there a checklist you use of specific steps and if so what is it?

Are there certain areas of functionality you pay more attention to than others?