Hello!
The other day I was compiling a list of resources on web application security for latvian speaking PHP developer forum php.lv/f and to my surprise (unlike in other categories) I could not find compilation of resources in this huge forum. So here I share what I've found so far:

PHP Security Consortium - PHP Security Guide

OWASP - Web application security principles

PHP Freaks - PHP Security

Tutorialized - PHP Security Tutorials

Code Breach - PHP Security tutorials

IBM - Mashup security / Technologies and techniques for securing UI artifacts and data in a mashup

IBM - Seven habits for writing secure PHP applications

Web Application Component Toolkit - Web Application Security

Security Patterns Very, very, very useful, yet underrated resource

Google - Browser Security Handbook

Ross Anderson - Security Engineering - The Book

Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone - Handbook of Applied Cryptography - comprehensive book on cryptography.

Please share resources that you've found on the topic of security and hopefully this thread will get pinned so that everyone can benefit.