OWASP
The Open Web Application Security Project (OWASP) is an online community that tracks common vulnerabilities and publishes information about web application security.
The OWASP site is a treasure trove of information about web application security and vulnerability research. However, since information is kept in a somewhat-jumbled wiki format, it can take a while to find what you are looking for.
Each year OWASP publishes the list of the most common security vulnerabilities. If you read one thing on OWASP each year, it should probably be their top ten list.