If you're a code slinger for Microsoft platforms then you might find Microsoft's Patterns and Practices Security Wiki useful. There's a lot of useful information both at the code level and server level. For example, you can find information that helps you with design, code reviews, deployment, threat modeling, and much more. Even server admins might find helpful information in the articles on how to lock down IIS 5 and SQL Server 2000 .