TLDR; What are your favorite resources for how to build a secure webapp?
I've been looking to learn how to secure web apps more systematically. Just thinngs that (should be) well-understood by now--logins, customer data security, how to take payments with or without storing credit card info (even if that's just using a third-party processor). I've found the OWASP site, which seems poorly maintained and terribly organized, and a bunch of books that focus on how to pentest existing apps. The books that focus systematically on security, like Security Engineering, are extremely general and don't explicitly cover the webapp use case.
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...
Troy Hunt has some good advice on his blog and a site for checking for issues:
http://www.troyhunt.com/
https://asafaweb.com/