Man my company is not aware of security. Even i am a first person in my company to develop their proper websites. They were only having 5 page html site with poor design. I came in and introduced them with CMS and other technologies. I already asked my manager about security pen-testing but the answer is always "No i don't think we need that at the moment". I know they trust me and will let me do anything i want and i will get the permission for that but even for that it will take 6 months as right now they only want me to develop websites i already made 3 sites it is a group of company so all 13 subsidiaries need websites. My concern is to practice my pen-testing skills which i am not getting time to. My working hours are 8 to 7, 6 days a week. On the other hand security need a lot of time and practice. I will for sure go through all the links you provided.
In 2008 I did my first penetration testing. After that i had a long gap. Now i think the entire scene is changed. Lets see how i will get back to it..