Wow Homakov, other great write up! I'm really interested in what resources you used to learn all this stuff! Would you mind doing a "recommended books and blogs" post anytime soon?
honestly, i didn't read a single book about web sec. I just learn things one by one and if something looks weird i investigate. This is why sometimes i publish "known" stuff.
You can sign up for Cryptography courses at Coursera.org. You learn about basic tenets of crypto like attacker games, cryptogaphic advantage, cracking some exploits (AES-CBC). If you do the problem sets and programming assignments and pass the course without help, you are off to a very good start I would say.
