The
Web Application Hacker's Handbook is the one I recommend. The author of this book is the creator of the Burp Suite of web application vulnerability tools
It covers Cross Site Scripting (XSS), which is the most difficult web vulnerability to deal with, but XSS should have its own book. For that reason, I also recommend
XSS Attacks. The guys who wrote that one are giants in web app security research.
Those two books will help you understand the attacks. It is up to you to keep current on the new variations on these attacks.