Innocent Code: A Security Wake-up Call for Web Programmers

Author Huseby, Sverre
ISBN 0-470-85744-7
Find it WorldCat
Project Gutenberg
Buy it|ca|

For the most part it's fairly basic, but as an overview of web application security it's very good. It also included a few titbits about encoding-based XSS-type exploits that I had not heard about before. I think I need to spend more time with OWASP...