OWASP publishes guides that provide tools for developing and testing secure web applications.
We list the most important publications for you:
OWASP Testing Guide
The OWASP Testing Guide is the guideline par excellence for our field: conducting penetration tests on web applications. The guide provides a vulnerability classification framework and provides clear procedures for identifying it. The most recent version (4) was released in September 2014.
OWASP Code Review Guide
The OWASP Code Review Guide provides guidance for identifying vulnerabilities through code analysis. The most recent version is 2.0.
OWASP Developers Guide
The OWASP Developer Guide is the first OWASP project. The first version of this manual was published in 2002. The Developer Guide has not really broken through as a guide for developers, the intended target group. The original guide is more focused on performing a security test. Nevertheless, the 2005 version contains many useful tips and directions and going through it is a good preparation for a security test. A fully updated version is currently being prepared.