The OWASP Testing Guide is an ideal reference for both developers and testers—version 2 was fantastic, and this new version is even better. The testing framework now covers 66 controls and, as in the previous version, each control has a brief summary and is described in detail, followed by black box (no additional knowledge) and grey/gray box (partial knowledge) testing methods and examples where appropriate.
This should be mandatory reading for all CISSP, CLSSP, software developers that are part of Indian outsourcing, Accenture, Wipro, Cognizant, Infosys and Satyam and of course those who are concerned with PCI...