The Open Web Application Security Project’s Guide to Building Secure Web Applications:
The Guide covers various web application security topics from architecture to preventing attack specifics like cross site scripting, cookie poisoning and SQL injection.