In my opinion, the best practice for securing your apps will always be: understanding the security threats properly. Once you know your enemies, you'll (hopefully) know if you are vulnerable or not, and how to correct it.
The OWASP Cheat Sheet Series is a very good start.