Excellent book which contains more than enough technical material for penetration testers and developers alike. It's detailed and goes into many of the layers which make up web applications, explaining vulnerabilities at each level, and hints on how to find them.