Here are a number of good resources I found:
- http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-moore/bh-us-04-moore-up.ppt (see slide 'parenting problems' for the mention of the technique I used to get the two IBM AppScan TreeViews to show side-by-side in a separate process)
I always find it amazing how security-focused research papers are a great source of 'how it REALLY works' material, especially when compared with the normal/official content which describes 'how it works', which is usually 'how it should work' :)
This is one of the added values that the 'Application Security' space should bring to the table. Instead of being a TAX on devs (and companies), Application Security should have the responsibility to describe and document WHAT is really happening, how it really WORKS, and what the implications/interconnections of the code created/published are (with security vulns being one of the areas analysed/reported).