Recently I got Martin Johns connected with Helen Wang's group in Microsoft Research.  Check out Martin's excellent talk @MSR, Secure Code Generation for Web Applications.

Here are a few other gems I discovered on content.digitalwell.washington.edu:

Techniques and Tools for Engineering Secure Web Applications
Gary Wassermann, 3/13/2008

Improving Software Security with Precise Static and Runtime Analysis
Benjamin Livshits, 6/26/2006

End-to-end Security for Web Applications: A Language-based Approach
Nikhil Swamy, 4/1/2008