Ask HN: the best(s) web security book for web developers

11 pointsdheavy13y ago4 comments

What are, in your opinions, the best web security books available for a web developer today?

The kind you would have on your desk along your Rails/Django/JS classics when building a web app with your team?

4 comments

4 comments · 4 top-level

jyu13y ago

I'd also like to know Security 101 for web developers.

In a recent appsec thread, there were two books that a lot of people recommended:

http://www.amazon.com/The-Tangled-Web-Securing-Applications/...

http://www.amazon.com/The-Web-Application-Hackers-Handbook/d...

https://news.ycombinator.com/item?id=5862102

tptacek13y ago

We're a software security firm, and when promising candidates reach out to us and tell us they're worried that they don't have a lot of exposure to web app security, we buy them _The Web App Hackers Handbook_ (I invariably apologize for the stupid title) and _The Tangled Web_.

LarryMade213y ago

I think a lot of those security checklist things are a good guidemap of what you need to do. Then add to that a security book specific to your application's programming language(s)

Heres one, there are plenty more: http://www.techrepublic.com/blog/security/ensure-basic-web-s...

dheavyOP13y ago

Thanks for your input guys, it's very valuable!

j / k navigate · click thread line to collapse