Martin Fowler of ThoughtWorks published a detailed and very useful guide to threat modelling for developers. The guide walks through the process of modelling data flow and identifying potential risks.
France's Commission Nationale de l'Informatique et des Libertés published a great wide ranging GDPR guide for developers, covering compliance, securing source code, infrastructure selection and data retention management among other things.
Git Guardian have produced a great list and cheatsheet of the best ways to store and manage secrets such as API keys, including not posting them in slack and Secret-as-a-Service solutions.
Know your Elastic Beanstalk from your Snowball? Yeah, me neither. Thankfully Joshua Thijssen has put together an extremely useful list of one line descriptions of all the different Amazon AWS products.
Paul Boyd published a great post on the differences between password storage methods.Key Derivation Functions > Salted Hashes > Hashes > Encyption > Plain Text.
Deepak Gupta provides a very useful list of thirteen security tips for front-end developers, including disabling iframe embedding, using noreferrer anchor tags, and compartmentalising your application to reduce the threat surface area.
