I've had a lot of trouble bringing people into C that have a strong background in (say) Python, but I don't remember C being all that hard for me --- but that might be because I didn't have any other options, besides Borland Turbo C, when I was getting started.
Also: wow do I hate the OWASP Top 10. Can we just rattle off an HN Top 10 right here? It'll be better.
2. CSRF / Clickjacking / Reframing
3. SQL / db-metacharacter Injection
5. Unauthenticated Encryption and Bad Block Cipher Mode Handling
6. Filesystem/Backend Storage Path Sanitization
7. Exposed Admin/Diagnostic Functionality
8. Memory Corruption Vulnerabilities in Native Code Extensions (cext gems, &c)
9. Shell-out Command Injection
10. Insecure Password Hashes
I feel like mass assignment, resource exhaustion, filter return code mistakes, and wildcard routes all belong somewhere, but they feel too Rails-y for a generic list.
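Item 6 on this list (filesystem/backend storage path sanitization) is the one that is easiest to show in a few lines, so here is an added example that is not part of the thread. It contrasts the naive join that lets a request-supplied filename escape the storage root with a lexical check that normalizes the joined path and confirms it still sits under the root. The `/srv/uploads` root and the filenames are constructed values; the check is purely lexical, so a deployment whose root contains symlinks would additionally need `os.path.realpath` on the final path.

```python
import os

# Constructed storage root used for the demonstration below.
STORAGE_ROOT = "/srv/uploads"


def unsafe_storage_path(base: str, user_name: str) -> str:
    """Vulnerable form: the request-supplied name is joined as-is.

    "../x" climbs out of base, and an absolute name replaces base entirely
    (os.path.join discards everything before an absolute component).
    """
    return os.path.join(base, user_name)


def safe_storage_path(base: str, user_name: str) -> str:
    """Return an absolute path under base, or raise ValueError.

    The check is lexical: normalize the joined path and require that its
    common prefix with the root is the root itself. Symlinks inside the
    root are not followed here; use os.path.realpath on the result if the
    root may contain them.
    """
    if not user_name or "\0" in user_name:
        raise ValueError("empty name or embedded NUL")
    root = os.path.normpath(os.path.abspath(base))
    candidate = os.path.normpath(os.path.join(root, user_name))
    # commonpath collapses to "/" (or another ancestor) when the candidate
    # has climbed out of the root, whether via "../" or an absolute name.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes storage root: %r" % user_name)
    if candidate == root:
        raise ValueError("name resolves to the root directory itself")
    return candidate


def is_safe_storage_name(base: str, user_name: str) -> bool:
    """Boolean wrapper around safe_storage_path for filters and tests."""
    try:
        safe_storage_path(base, user_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: two benign names and three that should be rejected.
    samples = ["report.pdf", "sub/../report.pdf",
               "../../etc/passwd", "/etc/passwd", "."]
    for name in samples:
        print("%-22r unsafe=%-36r safe=%s" % (
            name,
            unsafe_storage_path(STORAGE_ROOT, name),
            is_safe_storage_name(STORAGE_ROOT, name)))
```

The naive join is still a valid string for every input; the filesystem, not the application, decides where it lands, which is why the check has to happen on the normalized absolute path rather than on the raw name.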
Imagine if someone said to write a secure program for some computer. But, btw, there's going to be an attacker logged in via VNC at all times you'll need to defend against. I'd just throw up my hands and walk away.