views: 178
answers: 4

I am working on a consumer-facing web application built on .Net/C# with MSSQL as the database.

We have been following general good coding practices to prevent bugs and SQL/JS query injections, but none of us are experts on security.

What would be a good checklist to find out how secure the application we are building really is?

A: 

Since you're developing on MS platforms, have you looked at the Security Development Lifecycle?

Michael Howard's Writing Secure Code covers many of these practices as well.

Michael
+1  A: 

The Open Web Application Security Project (OWASP) has many resources - you can start with the Top 10 vulns and take a look at the testing and code review guides. We have a project specifically for .NET at OWASP .NET. Also, here's a list of useful resources: recommended web security resources for .NET.

Mark Roxberry
+3  A: 

I'm not sure what was meant by a checklist, since it could relate to development (to help developers write fewer bugs), code review (to catch bugs in review) or testing (to ensure that all facets of the vulnerability are tested for).

OWASP does have guides to support all three needs -

And then to top it off, you could always refer to the OWASP Top 10 list, to establish priorities on the vulnerabilities that you would like to concentrate most of your efforts on.

As Mark mentioned, the OWASP .NET project will be useful.

Vineet Reynolds