Beyond Passwords: 2FA, U2F and Google Advanced Protection

“Beyond Passwords: 2FA, U2F and Google Advanced Protection” is a rather lengthy but insightful article on two-factor authentication, multi-factor authentication, and other related options.  It nicely explains which option is which and how each one works, and clears up a lot of the confusion between these terms.

The article itself is not too technical, so it’s strongly recommended for anyone dealing with authentication, sensitive data, and security in general.

PHP – Password Exposed Helper Function

Password Exposed Helper Function is a tiny PHP library that helps check user passwords against the Have I Been Pwned website API.

This is a fairly common new feature on many websites and services (see GitHub, for example), and it is now available as a quick Composer dependency for your PHP projects.

Advanced web security topics

The “Advanced web security topics” blog post goes over a variety of ways that a web application can get p0wned.  Some of these include:

  • Cross-site scripting (XSS)
  • MIME-type attacks
  • A variety of injections – SQL, JavaScript, HTTP
  • URL indexing
  • Click-jacking
  • … and more.

Practical Cryptography for Developers


“Practical Cryptography for Developers” is a free book (with a GitHub repository) by Svetlin Nakov, which aims to teach developers some of the most practical concepts of cryptography.  The book covers hashing functions, random generators, symmetric and asymmetric keys, digital signatures, and more.  Each chapter is rich with diagrams, illustrations, code samples, and exercises.




CMS Scanner: Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues


CMS Scanner is a security tool from the Open Security crew that you can host locally and use for security scans of WordPress, Drupal, Joomla, and vBulletin websites.  I think that having an automated tool like that is way better and more productive than a thousand blog posts on how to secure your installation of a particular software.