OWASP Guide to Building Secure Web Applications and Web Services, Chapter 20: Configuration
OWASP Guide to Building Secure Web Applications and Web Services, Chapter 15: Error Handling, Auditi
OWASP Guide to Building Secure Web Applications and Web Services, Chapter 10: Authorization
Data validation -- Chapter 12, OWASP Guide to Building Secure Web Applications and Web Services
About the Open Web Application Security Project
Identity, authentication key to Web services security
OWASP Guide to Building Secure Web Applications and Web Services, Chapter 13: Interpreter Injection
OWASP Guide to Building Secure Web Applications and Web Services, Chapter 11: Session Management
OWASP Guide to Building Secure Web Applications and Web Services, Chapter 17: Buffer Overflows