"Writing Secure Code" by David C. LeBlanc and Michael Howard.
So far, I'm only at the chapter on Threat Modelling, but it has proven to be quite an enlightening read.
I heard about it in a course I took in training called, aptly enough, Developing Secure Software.
It's a required course for all developers and testers at Dell, which is where I am currently employed. It was presented in a lab format by a representative from St. Edwards University's Professional Education Center.
The thing that really pulled me into the class was that it covered development of web apps, C/S database apps, and code in both C# and Java.
They walked us through the apps in question, the techniques used to compromise said apps, and even the code / technical solutions to the vulnerabilities. Definitely the coolest training I've been able to attend to date here.
If you write and/or test code, even in non-Microsoft environments, you should check out this book. I got my copy on Amazon for $7.95, so it's not even a particularly expensive learning tool. Don't you just LOVE a good sale ;) ?
There's a Kindle Edition, and a Paperback available. Links to purchase them from Amazon included for your convenience.