I just wanted to post this pointer to another article of mine that ITWorld is running. This one explains some ideas about different approaches to security testing of applications.
If you are considering app testing, and want to get an overview of pen testing, code review and hybrid processes, this is probably a good start. You can then dig deeper into the mechanisms and such via sites like OWASP, SANS, etc.