ISO/IEC TR 24772:2013 "Guidance to avoiding vulnerabilities in programming languages through language selection and use" is one of the most useful application security resources I have seen so far, especially among ISO standards.
Source code security reviews and scanning (SAST, or less frequently SCA) are among the most effective techniques for reducing the number of security-related bugs in software. As of 2013, they are still not very widespread due to a number of limiting factors.
SAML assertions are becoming a popular method for passing authentication and authorisation information between identity providers and consumers using various single sign-on protocols. However, their practical security strongly depends on correct implementation, especially on the consumer side. Somorovsky and others have demonstrated a number of XML signature related vulnerabilities in SAML assertion validation frameworks. This article demonstrates how bad library documentation and examples can lead to vulnerable consumer code, and how this can be avoided.
Most website owners struggle to get their website positioned as well as possible in search engine results, and the rule of thumb seems to be "the more indexing, the better". How does this affect a website's susceptibility to hacking?