Application Security Testing and Training?
slashDoug asks: "I am a career tester that now has an opportunity to bring application security testing in-house in the form of training. We have a network team that already does network, penetration testing and hardware hacking to keep our web infrastructure and sites secure, but I am interested in focusing on the security flaws of our designed web applications. I have read through a couple books on the subject which have different insights ('How to Break Software Security' by James Whittaker, and 'Writing Secure Code' by Howard and LeBlanc) and would like to bring that kind of knowledge to the other testers in my group. Does anyone have any recommendations on training groups that I could bring in-house to train a team of software testers? Your thoughts and recommendations are greatly appreciated!"
Just a follow-up on the OWASP stuff -- going through WebGoat might be an interesting exercise. It's a hands-on approach to how web security might be compromised by more malicious types. You're probably more advanced than any of the stuff, but if nothing else, it's a good refresher course to reinforce what you've learned.