I had the pleasure of working with the Microsoft Office security test team on the new book Hunting Security Bugs released from MS Press. My job included technical editor mostly and providing feedback where I could. The book imparts the authors knowledge of testing software to find security related bugs like buffer overruns, race conditions, format strings, cross-site scripting, sql injection, XSRF, XML issues, repurposing attacks and a bunch more.

This book should be a part of any security researchers collection.

http://www.microsoft.com/MSPress/books/8485.aspx