‘SQL Injection Attacks and Defense’ co-authored by Dave Hartley (Activity’s CREST Certified consultant and CHECK TL) has been receiving very positive reviews and is on the must read list for most application security consultants, along with the ’Web Application Hackers Handbook’. 

If you are interested in reading a review click on a link below:

BCS

Net-security.org 

Amazon review and buy link