Secure coding techniques

[_kiss_ <smcsoc () yahoo es>]

Hi all,

I am currently involved in a project that deals with defining a secure 
development policy for a development team.
They are using Apache/Tomcat/Oracle with Java Servlets/JSP technology.
I have found some documents about common issues (which I knew from 
previous audits), but I would like to know
if there is currently a compendium of secure coding techniques in these 
programming languagues, I mean, a document
that is more defense-centric than attack-centric.

Hope you can help me. Thanks in advance.