Gary McGraw (co-author of the newest must-read application security book, Exploiting Software: How to Break Code) mentioned his own list of recommended application security books to the SC-L yesterday. You can see the list on Amazon:
https://www.amazon.com/exec/obidos/tg/listmania/list-browse/-/3C2SNAN1EZDVI/ref=cm_mpemr_lm/
I have most of these, and I also highly recommend these books. I don't have, though, the “Cowgirls” book. But as he said in his comment: “One of these things is not like the others...”. :)