Books

• The Tangled Web: A Guide to Securing Modern Web Applications

Github

• Web Security Basics (from Github)
• Web Security Basics
• awesome-web-hacking
• Security Guide For Developers
• OWASP - Dev Guide

Articles

• Martin Fowler - The Basic of Web Application Security
• Simple Talk - Securing Web Applications
• Google Browser Security Handbook
• Hacker News

Online Service ($)

• Gauntelt.io - Secure Your Application

Tools

• OWASP Zed Attack Proxy Project

  one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing

• DOMPurify
• XSS

References

• HTML 5 Security Cheatsheet