Do you use open source software like ModSecurity? Do you pay for something like Fortinet? If you're in AWS, do you use AWS WAF?<p>Are there any books or references for security C#-based .NET Core applications? Hardening IIS?<p>Looking for enterprise answers as well as startup-friendly answers.