The OWASP Project
https://www.owasp.org/index.php/Main_Page
  this page has links to:
  The Cheat Sheets for Developers
  The Development Guide
  The Code Review Guide
  The Testing Guide
  The 10 Most Critical Security Risks
  
  
The Web Application Security Consortium 
http://www.webappsec.org/
  this page has links to:
  The Web Hacking Incidents Database 
  Web Application Security Scanner Evaluation Criteria 
  The Script Mapping Project   


CWE/SANS TOP 25 Most Dangerous Software Errors
https://www.sans.org/top25-software-errors/


Live maps of hacking attempts
https://norse-corp.com/map/
https://cybermap.kaspersky.com/
https://www.digitalattackmap.com/
https://threatmap.checkpoint.com/
https://threatmap.fortiguard.com/
https://www.akamai.com/es/es/resources/visualizing-akamai/real-time-web-monitor.jsp?tab=attacks&theme=dark
https://threatbutt.com/map/
https://talosintelligence.com/fullpage_maps/pulse



The Verizon Data Breach Report
http://www.verizonenterprise.com/verizon-insights-lab/dbir/


XKCD Web Security related comics
http://xkcd.com/327/
https://xkcd.com/936/
https://xkcd.com/792/
https://xkcd.com/538/
https://xkcd.com/565/


Secure coding references
CERT C++
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637

CERT C
https://www.securecoding.cert.org/confluence/display/c/SEI+CERT+C+Coding+Standard

CERT Java
https://www.securecoding.cert.org/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java

CERT Secure Coding site
http://www.cert.org/secure-coding/