We buy that book, along with _The Tangled Web_, for candidates to Matasano. We like both books a lot (I wish WAHH had a title I wasn't embarrassed to say out loud, though).
The other book candidates here tend to get is _The Art Of Software Security Assessment_.
Seconding the recommendation for both of these books. They're both sitting on my desk here and they're both excellent. Tangled Web does a great job of explaining why browser and web app security is in the state that it's in, and each chapter includes a "cheat sheet" at the end of things a developer can do to further secure his web app. Web Application Hacker's Handbook contains exactly what's on the tin: a pretty thorough explanation of how to pull off many of the common exploits, along with the explanation for how/why they work.
While we're talking books and education... tptacek, could you share any resources that you are acquainted with, specifically on the topic of SSL/TLS? I feel a need to really ramp up my knowledge in this space, and would be glad to hear any recommendations you might have.
Note that I'm looking at this from a deployment / administration POV, not programming. I don't want to implement TLS from scratch, just understand the various issues and implications involved in rolling out TLS.
If you have some suggestions, they are much appreciated.