Mark Woods posted this link on the CFAussie mailing list yesterday – A Guide to Building Secure Web Applications from The Open Web Application Security Project.
I’ve never heard of these guys, but there’s some great stuff here. In particular, check out the sections on cookies and SSL – there are some good plain-English explanations of the concepts that come up in mailing list questions all the time.
Some of the sections are a little light, but from the foreword I understand it’s a work in progress. Definitely worth bookmarking for future reference!