

Ask HN: the best(s) web security book for web developers - dheavy

What are, in your opinions, the best web security books available for a web developer today?

The kind you would have on your desk along your Rails/Django/JS classics when building a web app with your team?
======
jyu
I'd also like to know Security 101 for web developers.

In a recent appsec thread, there were two books that a lot of people
recommended:

[http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886](http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886)

[http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470](http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470)

[https://news.ycombinator.com/item?id=5862102](https://news.ycombinator.com/item?id=5862102)

------
tptacek
We're a software security firm, and when promising candidates reach out to us
and tell us they're worried that they don't have a lot of exposure to web app
security, we buy them _The Web App Hackers Handbook_ (I invariably apologize
for the stupid title) and _The Tangled Web_.

------
LarryMade2
I think a lot of those security checklist things are a good guidemap of what
you need to do. Then add to that a security book specific to your
application's programming language(s).

Here's one, there are plenty more:
[http://www.techrepublic.com/blog/security/ensure-basic-web-site-security-with-this-checklist/424](http://www.techrepublic.com/blog/security/ensure-basic-web-site-security-with-this-checklist/424)

------
dheavy
Thanks for your input guys, it's very valuable!

