2010 CWE/SANS Top 25 Most Dangerous Programming Errors - Released
I love application security learning resources. The OWASP Top Ten project is one that I always direct people to, as well as numerous books on application security.
One resource I am not sure I have directed people to in the past is the CWE/SANS Top 25 Most Dangerous Programming Errors. This is a fantastically detailed list, and the website provides guidance to programmers, developers, and others of all levels. Since the new CWE/SANS Top 25 for 2010 was just released, I figured this is a great time to mention it.
From the website:
The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software.
The CWE/SANS Top 25 differs from the OWASP Top 10 by "cover[ing] a broader range of issues than what arise from the web-centric view of the OWASP Top Ten" (Ref.). In other words, the Top 25 list does not restrict itself to programming errors in web applications. I have learned a lot from looking at both sources.
You will see overlap between the OWASP Top 10 and the CWE/SANS Top 25, but DO NOT let that stop you from looking at both. Each will provide you with reinforcement of application security concepts.