Make your development team into security experts
Have them hack real, vulnerable applications in the browser, then see how the code can be made secure
Have them hack real, vulnerable applications in the browser, then see how the code can be made secure