The NISR team have produced a variety of detailed papers exploring technical skills development and threat dissection. These papers are provided free of charge as an addendum to our other published materials.

Mainly Application layer stuff. Some good papers, especially the Best Practices papers. I find some many banks and commerce sites that don't properly lay out their site, allowing for easy exploitation.