The Open Web Application Security Project (OWASP), a community focused on improving the security of application software offers a couple of books for download. Besides the free download versions, you can buy paperbacks for as low as $6.
Grab the books from OWASP Lulu store. The publications include:
- OWASP Top10 – Testing – Legal 07
- OWASP WebGoat and WebScarab
- OWASP Code Review – 2007 (RC1)
- OWASP Evaluation And Certification Criteria
- OWASP Top 10 – Ruby on Rails version
- OWASP SpoC 2007
- OWASP World (Nov 2007)
- OWASP Guide 2.0 (2005)
Via Information Security Place.