Developers have a tendency to want to turn their workstation into a server environment to speed the code-test-debug-code cycle. However a proliferation of server services running on workstations can be a cause of security concern for the network.

To minimize the potential security vulnerabilities on the network it is recommended that each developer be given space, aka a "sandbox", on a server.  The purpose of a sandbox is to give the developer a complete clone of the production server environment for the development life cycle.  Ideally, this would be a development server that is as similar as possible to the production server.  However a sandbox can be configured on a production server utilizing isolated virtual hosts and checked out copy of the code base.

Recommendations:

Peer Reviews

Internal Auditing
Plan to test and quantify application security behavior during the QA process, just like any other system functionality.

Version Control Systems
Use of a version control system like Subversion, or Visual Source Safe is highly recommended.
A version control system allows multiple developers to work on a common code library concurrently. Version control systems also provide a level of safety, or backup for your web applications. For example, your production web site is simply another checked out, or working copy, version of the trunk of your project. If you update production and then realize some recent changes have broken existing functionality you can quickly and easily roll back (undo) the changes by checking out an older version of your project.