Mandatory reading so that everyone is on the same page (Reading time: 22 minutes total)
https://owasp.org/www-project-top-ten/ Reading time: 5 minutes
https://www.empr.com/home/features/doctor-gets-jail-time-for-hipaa-violation/ Reading time: 10 minutes. Lesson: Privacy rights are better enforced than ever. Ignorance of a law is not accepted as an excuse for breaking it.
https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html Reading time: 7 minutes. Lesson: ISO 27001 certification is a starting point. Following basic security practices, such as keeping things up to date, is critical to having secure systems.
Supplemental
https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf Reading time: 40 minutes
https://www.peterwhelan.com/petesprofessionalprogrammerplaylist/ by Peter Whelan, creator of the PAWS™ index
https://www.clickstudios.com.au/passwordstate.aspx Reading time: 10 minutes
https://securecodewarrior.com Make a game of learning secure coding practices, build a team and compete!
http://www.gameofhacks.com/ Another way to make a game of it. Reading time: 5 minutes. Ironically, they do not use HTTPS.
If you can decrypt this, you know what to do WVVoU01HTklUVFpNZVRsM1dWaE9NRnBYU25CaWFUVnFZakl3ZGxKdWNIaE5NVVo0WVd4Rg
Some good books
Writing Secure Code (Developer Best Practices) 2nd Edition, by David LeBlanc, Michael Howard
Building Secure Software: How to Avoid Security Problems the Right Way by John Viega
The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems by Robert C. Seacord
The CERT Oracle Secure Coding Standard for Java by Fred Long, Dhruv Mohindr