If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...
If you have a not-so-usual solution for your problems but need to justify it to your boss...
If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...
...then 'No Bugs' Hare on Soft.ware might be the right place for you.
Your mileage may vary. Batteries not included

This category is dedicated to security best practices when applied to software development.
While we cannot provide a comprehensive list (yet), we are planning to keep expanding it.

Security Best Practices, page 2:

Avoiding ugly afterthoughts. Part b. Coding for Security, Coding for i18n, Testing as a Part of Development

Quote: “Doing sanitization at IDL level automates quite a bit of tedious-and-error-prone work, which is always a Good Thing™”
Another Quote: “Hey, this whole thing can be made MUCH simpler, the only thing we need to acknowledge is that the best identifier for a string is the string itself!”

Password Hashing: Why and How

Abstract: Password hashing is a Big Headache, and doing it right is complicated
Quote: “Note that none of the C++11 random number engines (LCG, Mersenne-Twister, or Lagged Fibonacci) can be considered good enough for cryptographic purposes – in short, they’re way too predictable and can be broken by a determined attacker, given enough output has leaked.”

Part VIIb: Security (concluded) of 64 Network DO’s and DON’Ts for Multi-Player Game Developers

Quote: “What is practically very important – is to keep all the “unsanitized” data in one place.”
Another Quote: “What will happen if an attacker got the whole database of your users’ passwords?”

Part VIIa: Security (TLS/SSL) of 64 Network DO’s and DON’Ts for Multi-Player Game Developers

Quote: “Design of secure protocols is a thing which even security professionals have lots of problems with.”
Another Quote: “In the security field, if you can disable something unused – you SHOULD do it”