I guess starting with secure development would mean three steps:
Identify and understand the big picture: what may go wrong
This means understanding the technical aspects of a vulnerability and how it helps making things go wrong.
Typically, I'd go with the OWASP's Top 10 web application security vulnerabilities (google: owasp top 10 2007).
If you don't understand it, then, please, ask for guidance. Understanding such a document doesn't directly tells you how to build secure code but it is a good indicator on your level of understanding on secure development.
Find good general practices that lead to secure development
While many documents tell you how things may go wrong, few resources actually tell you how to avoid them in a general way.
Currently, I'd mostly recommend these resources:
- David Rook's "Secure Development principles" (google: david rook principles of secure development)
- OWASP's Top 10 vulnerabilities protection section pages (each entry is clickable on the online version of the Top 10)
Find resources tailored for your technology
Get access to resources that tell you "how to do this" in a language that you speak. Typically, C#. The MSDN portal provides developers with many security checklists (http://msdn.microsoft.com/en-us/library/ms998408.aspx).
Finally, get into it: connect to regular input on application security, find blogs, read news (build Google alerts with some vulnerabilities names or words such as 'application security' or 'secure development') and see what happens.
Hope it helps.
sb
PS: sorry for the 'google' links, I am a new user and can only post 1 url in my answers :(