OWASP Guide to Building Secure Web Applications version 1.1
The Guide covers various web application security topics from architecture to preventing attack specifics like cross site scripting, cookie poisoning and SQL injection. The document is released under the GNU documentation license and is a community volunteer effort.
Download the paper in PDF format here.