Advosys Consulting. "Preventing HTML Form Tampering." 2001. See http://advosys.ca/tips/form-tampering.html. Lots of good technical tips.
Advosys Consulting. "Writing Secure Web Applications." 2001. See http://advosys.ca/tips/web-security.html. As above, many sound technical tips.
Aleph1. "Smashing the Stack for Fun and Profit." Phrack Magazine. 49-14. 1996. See http://www.phrack.org/phrack/49/P49-14. Detailed, accurate, and deadly.
Al-Herbish, Thamer. "Secure Unix Programming FAQ." 1999. See http://www.whitefang.com/sup. Excellent and detailed, with good technical detail.
Anderson, Robert H. and Anthony C. Hearn. "An Exploration of Cyberspace Security R&D Investment Strategies for DARPA: The Day After... in Cyberspace II." Rand Corporation. MR-797-DARPA. 1996. Abstract available online at http://www.rand.org/cgi-bin/Abstracts/e-getabbydoc.pl?MR-797. A discussion of security retrofitting as part of a strategy for critical infrastructure protection.
Anonymous. "SETUID(7), the SETUID Man Page." Date unknown. Available online at http://www.homeport.org/~adam/setuid.7.html. Perhaps the earliest discussion of the security issues involved with Unix setuid programming, and certainly one of the best.
AusCERT. "A Lab Engineers Check List for Writing Secure Unix Code." Australian Computer Emergency Response Team. 1996. Available online at ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist. One of the first such formulations. It was one of the ...