The website's structure migth not be intuitive and there's certainly some outdates stuff there, but their TOP 10 (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...) is a great starting point and they have some nice stack/language-specific docs as well.