I've been meaning to write a review on this book for a while now, and I just never seem to be able to get around to it for some reason.
To be honest, if you're into web application hacking, then I'm pretty sure that you've probably already purchsed this tome of knowledge, if you haven't, what are you waiting for?
This covers a lot of the intricacies of web application penetration testing, and really has proved to be an invaluable resource to me. Let's put it this way, I actually have 2 copies, one for the office and another for home.
This is also an amazing read for any web application developers, as it shows you the kind of things to look out for, and how to mitigate against them, thus you help us to help you!