Here you will can find some references to secure coding practices and how to test for security

(Web security testing)[https://owasp.org/www-project-web-security-testing-guide/stable/]
(Secure Coding Practices for Javascript)[https://github.com/Checkmarx/JS-SCP]
(Open Web Application Security Practices) [https://owasp.org/]
(Secure SSO)[https://github.com/OWASP/SSO_Project]
(Threat modelling application)[https://github.com/OWASP/threat-dragon]
(Most common vulnerabilities in Javascript) [https://www.securecoding.com/blog/most-common-security-vulnerabilities-using-javascript/]
(Javascript Secure Code Coding Standard)[https://compliance.qcert.org/sites/default/files/library/2018-10/MOTC-CIPD_JavaScript_Coding_Standard(US).pdf]
(Common Weakness Enumeration Standard)[https://cwe.mitre.org/data/definitions/242.html]
(Attacks, Vulnerabilities, Controls)[https://owasp.org/www-community/]