The Open Web Application Security Project has released version 2.0 of its Guide to Building Secure Web Applications and Web Services. Many, many improvements over version 1.

It’s well worth reading, but production was rushed a bit to get it ready for release at Black Hat, so you might want to wait for an early update (2.0.1). I’ll have more comments once I get a chance to read through more of it.

Update: Version 2.0.1 of the guide has been released, with a revised cryptography chapter.