Recently I got Martin Johns connected with Helen Wang's group in Microsoft Research. Check out Martin's excellent talk @MSR, Secure Code Generation for Web Applications.
Here are a few other gems I discovered on content.digitalwell.washington.edu:
Techniques and Tools for Engineering Secure Web ApplicationsGary Wassermann, 3/13/2008
Improving Software Security with Precise Static and Runtime AnalysisBenjamin Livshits, 6/26/2006
End-to-end Security for Web Applications: A Language-based ApproachNikhil Swamy, 4/1/2008