I highly recommend Hacking APIs by Corey Ball. It is the definitive guide for application security researchers and developers for learning how to test the security of APIs, which are the new achilles heel of mobile and web applications. This book is very concise and practical. I have learned a lot from it and applied it. I hope that you can to.