Ask HN: Best (practical) books on web security?

10 pointsingvul4y ago2 comments

I would like to learn more about topics like:

- DMZ

- bastion hosts (should we use them? Why or why not)

- ssh

- best practices

in the context of web development on the cloud. I've found a lot of material but they are very cloud-focused (aws/gcp security, for example) or rely a lot on Kubernetes (which I'm not using). I'm a solo-developer maintaining a simple Saas and I would like to keep it (more) secure than it is right now.

2 comments

ivanr4y ago

You mention web security in the title and that normally means web application security, but the body of your question talks about network security. Which of the two do you care about more? There won't be a book that covers both.

For network security—which is what I think you're asking for—I think you will enjoy Practical Cloud Security, by Chris Dotson: https://www.amazon.com/Practical-Cloud-Security-Secure-Deplo...

mophose4y ago

OWASP is a good place to start for Web application security

j / k navigate · click thread line to collapse