I took a 3 day class through the Institute of Information Security called the Certified Web Application Security Professional (CWASP™). The core of the class was a deep dive into the OWASP Top 10, how to test for them and remediate them. It was a blast to work through cross-site scripting labs and see how thing like session jacking work in real life. At the end of the class was a test.
I would recommend the class to developers, penetration testers, and security professionals. As a security professional, I took the class to increase my awareness about what are potential risks and vulnerabilities.