My previous employer organised internal security training for QAs. As coming not from development background, they were good, but too tough for me. There is really good free resource on pluralsight.com by Troy Hunt "Hack yourself first". It is declared for developers to deepen their knowledge of security. Myself I found it really cool as the author explains everything clearly with good examples.