OWASP, for those of you who don't know, stands for Open Web Application Security Project. It's a long established open source resource committed to improving web product security. I've long been enthusiastic about the project and some of the excellently produced tools and documentation that have come out of it. I recommend that anyone involved in any aspect of web product development takes a look.It's right here at www.owasp.org.
The project has just release a new version of it's guide to the top ten web application vulnerabilities. It's a very informative, useful, and above all, relevant document. I can guarantee that every vulnerability test that you perform will report back one or more of the issues highlighted in this work. You can download the document from the OWASP site.
Mark Curphey, one of the originators of OWASP has his own blog at securitybuddha.com. I also recommend this as a good stop-off when you have a few minutes to spare - obviously after reading this blog first.