The Staysafe blog has some great resources, including my fav: "Why Social Engineering Always Works".

If you want to know the Microsoft way to write secure web apps, check out this post with an extensive list of Microsoft resources.