A good starting point for a web developper would be the Open Web Application Security Project (OWASP). They have a lot of ressources on the subject of Web Application Security and on some on application security in general. You can get some of the wisdom of that side in book form.
