Most of the time when we analyze a software, we search the man page for usage of certain API and sometimes about the pattern of the code. Over a period of time you create a set of patterns in your mind. Sometimes we can learn that patterns from few Secure Coding standards websites. They give example on how not to write. This is the other way of learning to find the bugs. Here is the list of Secure Coding Standards links that I could able to find. If you have any more, please add it in the comment.
http://community.corest.com/~gera/InsecureProgramming/
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637
https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard
CERT Oracle Secure Coding standard for Java
http://www.viva64.com/en/a/0065/ (A Collection of Examples of 64-bit Errors in Real Programs)
http://www.viva64.com/en/a/0042/ (Seven Steps of Migrating a Program to a 64-bit System)
http://www.viva64.com/en/l/ (Lessons on development of 64-bit C/C++ applications)
http://www.oracle.com/technetwork/java/seccodeguide-139067.html (Secure Coding Guidelines for the Java Programming Language, Version 4.0)
http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html
Apple’s Secure Coding standard
https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/305-BSI.html
Klocwork’s CERT C and C++ Secure Coding Standard
https://www.securecoding.cert.org/confluence/display/seccode/Klocwork+Cross+Reference
http://grouper.ieee.org/groups/plv/
https://www.owasp.org/index.php/Secure_Coding_Principles
http://developer.klocwork.com/klocwork-university/security-innovation/secure-coding
http://www.saferc.com/
http://stackoverflow.com/questions/4780410/secure-c-coding-practices
Don’t forget bobby tables
http://bobby-tables.com/
Pingback: Secure Coding Practices « MadMark's Blog