There will be a new book about mod-security coming out : ModSecurity 2.5.
ModSecurity is essential when it comes to secure any web site.
It will make the work of the attacker much harder and it may save you even if your favorite dynamic pages have a security hole.
However, it must be configured wisely to be efficient. It is just a firewall that works at the application layer : you need to know the attacker point of view and the basics before writing any mod-security rules, otherwise at best it will useless (and at worst, it will kick legitimate traffic off).
So, stay tuned : I will talk more about the ModSecurity stuff and publish a review about this book soon.