For a whole host of reasons, I'm really delighted to find The Open Web Application Security Project, a group of people trying to build a catalog of "best practices" and technologies (if you'll forgive me a buzzword cluster) for securing web applications. I just found this today, so it will take a while to digest it all.