
To add some color to this great suggestion - The Web Application Hacker's Handbook is a better resource for learning to break web applications than for learning to build them properly. It will teach you about almost every vulnerability that can be classified and how to find it.

The Tangled Web is better for learning the underlying causes of various issues presented in the former book and for learning how to prevent them. It has excellent, practical checklists at the end of every chapter for anyone building an application.



Understanding how to hack something is (arguably the most) important knowledge for securing that something. If you don't know how it can break, how can you fix it?


If you don't know that something can break, it's hard to get it right. But I have many colleagues who've never exploited a buffer overflow, but who still do a fine job of counting their bytes. High code quality and coding patterns that reduce mistakes are really important; knowing a little about exploitation is useful to judge impact and to design anti-exploit defenses, but don't overestimate the impact - defenders' time is often better spent elsewhere. (Of course, hacking is sexy.)

(I write high-security software.)


He doesn't disagree with you; he's a professional pentester.



