Resources

General

Mozilla Security: guidelines to help operational teams create secure web applications
The Cyber Security Body Of Knowledge (CyBOK): comprehensive Body of Knowledge to inform and underpin educational and professional training for the cyber security sector
The Open Web Application Security Project (OWASP) Foundation: nonprofit foundation that works to improve the security of software
- The OWASP Top 10: standard awareness document for developers and web application security; represents a broad consensus about the most critical security risks to web applications
Comon Weakness Enumeration (CWE) Top 25: a community-developed list of software and hardware weakness types by Mitre
Common Vulnerabilities Exposures (CVE): a list of publicly disclosed computer security flaws -- referenced by CVE ID number -- by Mitre
National Vulnerability Database (NVD): U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP)
Security in Django: overview of Django's security features and advice on securing a Django-powered site
Django Deployment Checklist: useful checklist before deploying a Django website

OWASP Zed Attack Proxy (ZAP): Open-source web app scanner
Mozilla Observatory: set of tools to evaluate security methods
PageSpeed Insights: web performance auditing tool by Google
CSP Evaluator: allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks