Good day HN,

I'm sure everyone's been there with their side-projects, and I'm wondering what good resources are available/highly recommended:

I'm looking at a potential side-project that would necessarily involve collection of private and potentially sensitive data from people who use it.

There are lots of articles available on how to (basically) secure a web server, XSS, password storing, encryption at rest, etc., and I have some idea of what to look out for. It is, however, very broad, and you generally need to know the issue exists before being able to search for it. Ideally, I'd like to cover as many bases as possible before launching, to make sure everything is as secure as I can make it.

Are there books/courses/websites/etc. available that take a top-down approach to website/service security, that:

1] At least point out areas of concern

2] Provide an indication of current best practices and tools

3] List technologies/services/providers that are inherently more secure than others for projects like this

4] Provide links to further resources

5] Anything else that I may have left out here.

Thank you!