We host a monthly tech meetup, the “Waterloo Technology Chautauqua”. This month's topic was securing a web site (or app, or API). I talk about the basics (Content-Security-Policy, Cross-Origin Request Sharing, and the XSS- headers), as well as TLS. These are the Security 101, before we get into the deeper penetration tests.
We show a couple of reports for real sites, and talk about the risks. The video is at the bottom here, and the presentation is below.