OWASP (Open Web Application Security Project)
OWASP is a wiki-page filled with best practices and utilities. They also have several mailing lists if you want some of your questions answered.
CWE (Common Weakness Enumeration)
CWE’s description: International in scope and free for public use, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.
Advanced Security Topics
By: Paul McMillan
Certainty in an Uncertain World: Gaining Confidence through Security Testing
By: Geremy Condra