- OWASP Top 10 by OWASP Foundation, OWASP
- A great place to start for auditing your own application for security vulnerabilities and also for learning about application security. For each of the top 10 risks, learn enough to answer the question: how does my application defend itself against this risk and what could we do (if anything) to improve?
- OWASP Cheat Sheet Series by OWASP Foundation, OWASP
- A collection of writeups that each focus on a security-sensitive issue, process, or technology. Dozens of cheat sheets cover many of the common needs for most companies.
- Probably Are Gonna Need It: Application Security Edition by Jacob Kaplan-Moss, Distinguished Member of Technical Staff, Latacora
- Jacob zooms out from code-focused security and gives guidance on a few must-haves for any company that handles user data.
- Security Breach 101 and 102 by Ryan McGeehan, Founding Advisor, HackerOne
- A two-part blog post series about how to respond to a severe security incident.