I recently completed an overview of web security testing for my team. Below are the links I used as resources. I consider the OWASP Testing Guide to be the most useful.

Payment Card Industry Security Standards
PCI Security Standards Council – https://www.pcisecuritystandards.org/
PCI Data Security Standard – https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf

Open Web Application Security Project (OWASP)
OWASP Main Site – http://www.owasp.org
OWASP Top 10 (2007) Web Application Vulnerabilities – http://www.owasp.org/index.php/Top_10_2007
OWASP Testing Guide (v2) – http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents

SANS Institute (SANS stands for SysAdmin, Audit, Network, Security)
SANS Main Site – http://www.sans.org
SANS Top-20 Internet Security Attach Targets – http://www.sans.org

United States Computer Emergency Readiness Team (US-CERT)
US-CERT Main Site – http://www.us-cert.gov/
US-CERT Security Alerts (Technical) – http://www.us-cert.gov/cas/techalerts/
US-CERT Security Bulletins – http://www.us-cert.gov/cas/bulletins/

Vendor Sites and Resources
SPI Dynamics – http://www.spidynamics.com/
     
White Papers – http://www.spidynamics.com/spilabs/education/whitepapers.html

     
Cross Site Scripting White Paper – http://www.spidynamics.com/assets/documents/SPIcross-sitescripting.pdf

     
SQL Injection White Paper – http://www.spidynamics.com/assets/documents/WhitepaperSQLInjection.pdf

Fortify Software – http://www.fortifysoftware.com/
     
Fortify Taxonomy: Software Security Errors – http://www.fortifysoftware.com/vulncat/