2010 CWE/SANS Top 25 Most Dangerous Programming Errors 
Interesting read about various kinds of vulnerabilities to watch out for when developing webapps. Some of the classic ones like buffer overflow which modern programming languages like Java don't have. But some other interesting ones in there too. The consistent theme is to be careful about allowing any kind of 'programattic' or 'dynamic' functionality with input come from outside the app ( the user for example). Having implemented SSL support in Java clients/servers and implemented encryption support I found this a real interesting read from the security perspective:
http://cwe.mitre.org/top25/?
