The SANS Institute, in collaboration with various software vendors, academics, security analysts and the NSA, has compiled a list of the Top 25 most dangerous software mistakes.
The list contains information on the steps that allow a hacker to compromise a piece of code. It ranges from the most obvious and well-known injection attacks to the more trivial but widely ignored matters of data encryption and hard-coded passwords.
Any software developer will find this information very valuable. Insecure software is quickly becoming a huge obstacle to advancing online communications. The list is available at:
http://www.sans.org/top25errors/
Here is a mirror copy: cwe.mitre.org/top25/
This page contains reviews of security auditing software: http://www.sans.org/whatworks/