I had a friend who is studying information security for a masters check over a site of mine and he actually did a really pure job of it. All he did was look at my code. I found easy ways of breaking the website security that anyone could do.
I know there are ways to formally verify software for bugs. This is used for nuclear plant control systems, NASA spacecraft... to ensure 100.000% safe software. It can either find scenarios that would generate unhandled exceptions, violations... or it can prove there are absolutely no bugs at all.
Is there a list of checks to do to find exploits or loopholes in any system's security? Is there a general list or does it always have to be specific to whatever is being checked?
Is there a way to verify something to be 100.00% secure?