It’s three years old but Andres Andreu has put together a gem of a book on Web security testing:
It covers Web apps, some commercial scanners, and practically every open source tool available for Web security testing. It also has some of the best coverage I’ve seen on testing Web services.
Andres must’ve had a lot of time on his hands when he wrote it…I know firsthand how much effort it takes to put together technical material and this book is chock full of it.
Check it out…and kudos to Andres!