General Security Information
For anyone embarking on a security audit, a number of sources of information are available:
Web Security and Commerce (O'Reilly & Associates, 2001), by Simson Garfinkel and Gene Spafford, is a wealth of information about all general issues relating to security.
ASP, MTS, ADSI Web Security (Prentice Hall PTR, 1999), by Richard Harrison, is a good book for those involved in Microsoft Security audits.
A set of articles on various issues related to security is available at http://www.sans.org/infosecFAQ/securitybasics/basics_list.htm. General security questions are answered at http://www.w3.org/security/faq(although some of them are quite out-of-date, sadly).