I'm starting a new web application project that I would like to release into the wild, and I'm trying to get into the habit of following best practices early.
Are there any good guides out there for creating a web application that can survive in the real world? Most tutorials I've seen thus far include setting up the model, controller, views and even some unit testing but usually include the phrase "for a real application you would of course include caching/security checks/logging etc..."
Check out the OWASP project... This site is the absolute best resource I've found for web application security. they cover general guidance, and specific guidance for a wide variety of environments and development tools/languages.
Also, if you're dealing with PCI compliance, the OWASP Top 10 is base for the requirements in secure coding (section 6).
There's a lot of info there, so I would start with the Top 10.
I also like the Microsoft guidance on writing secure code for something a little easier to start with, but I would consider it an appetizer to the OWASP main course.
Maybe you should check out this EPIC post: What should a developer know before building a public web site?.