If you're using django, there's a chapter in the Two-scoops of django 1.6 book that covers django security. Have you looked into framework specific resources? If you're using one of the big ones, this may be the most practical place to start.
Nikto, and other free web app vulnerability scanners can be good for both learning and practical use in the real world (albeit not much more useful than low-hanging fruit). http://sectools.org/tag/web-scanners/
"a purposefully vulnerable Django application. comes with a series of writeups for the vulnerabilities we've added to the code. Each tutorial comes with a description of the vuln, a hint to where to find it, and then the exact bug and how it could be remedied."
Nikto, and other free web app vulnerability scanners can be good for both learning and practical use in the real world (albeit not much more useful than low-hanging fruit). http://sectools.org/tag/web-scanners/