Create an inventory of applications.
Determine which applications have the most exposure to untrusted users.
Build a schedule to start evaluating each application, in priority order, for glaring security problems.
If you write any programs at all, get a copy of Writing Secure Code .