Resources
Organizations:
Open Web Application Security Project (OWASP)
OWASP is a free and open application security community with a focus on improving the security of application software.
http://www.owasp.org/index.php/Main_Page
Web Application Security Consortium (WASC)
The Web Application Security Consortium (WASC) is made up of an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web.
http://www.webappsec.org/
Homeland Security – Build Security In
Build Security In is a collaborative effort that provides practices, tools, guidelines, rules, principles and other resources that development teams can use to build security into every phase of software development.
https://buildsecurityin.us-cert.gov/bsi/home.html
MITRE – CWE
CERT has started various different initiatives to tackle the software security problem.
http://www.cert.org/work/software_assurance.html
SANS – SSI
SANS offers resources, white papers and other best practice guides on software security and secure software development.
http://www.sans-ssi.org/resources/
Application Security Best Practices
OWASP Top 10
The OWASP Top 10 is a powerful awareness document listing the top 10 most critical web application security flaws.
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
OWASP Development Guide
The aim of the OWASP Development Guide is to allow businesses and development teams to produce secure web applications.
http://www.owasp.org/index.php/Category:OWASP_Guide_Project
OWASP Testing Guide
The OWASP Testing Guide includes a "best practice" penetration testing framework and a "low level" penetration testing guide describing techniques for testing the most common web application and web service security issues.
http://www.owasp.org/index.php/Category:OWASP_Testing_Project
OWASP Code Review Guide
The OWASP Code Review Guide offers information about conducting secure code reviews and helps developers with secure application development.
http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
NIST – Guidelines on Securing Public Web Servers
This version 2.2 of the guidelines on securing public web servers was last published in 2007.
http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf
Secure Software Development Methodologies
Microsoft SDL
Microsoft SDL is the secure software assurance model that provides a collection of mandatory security activities that are grouped by the phases of the traditional software development lifecycle.
http://www.microsoft.com/security/sdl
OWASP CLASP
CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development process.
http://www.owasp.org/index.php/Category:OWASP_CLASP_Project
Software Security Maturity Models
OpenSAMM
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.
http://www.opensamm.org
The Building Security In Maturity Model (BSIMM)
The Building Security In Maturity Model is designed to help organizations understand, measure, and plan a software security initiative. The BSIMM can help determine how an organization compares to other real-world software security initiatives and what steps can be taken to make your approach more effective.
http://www.bsimm2.com

