Hi all,

Can anyone recommend any resources (books, websites, papers, lectures, etc.) about building secure websites and software services generally? I know this is a very broad topic, and so I understand that there won't be a one-size-fits-all resource.

Topics that are of interest include:
- considerations for building a secure login on a website
- interfaces for authentication & authorization in web apis
- considerations for storing customer / user information
- considerations for communication between backend services and 3rd party services
- probably lots of other things that I haven't even considered!
OWASP Cheat Sheet Series [1] is a great place to start (for websites or HTTP services generally). Also see their Web Security Testing Guide [2] for a comprehensive list of security issues to watch out for:

[1] <a href="https://cheatsheetseries.owasp.org/index.html" rel="nofollow noreferrer">https://cheatsheetseries.owasp.org/index.html</a>

[2] <a href="https://owasp.org/www-project-web-security-testing-guide/latest/" rel="nofollow noreferrer">https://owasp.org/www-project-web-security-testing-guide/lat...</a>
This may not be exactly what you are looking for, but if you have specific topics you wish to learn more about, then the Security [1] portion of StackExchange contains some decent questions and answers. ServerFault [2] also contains some server best practices. Stack Overflow [3] would have some of the coding best practices. Lurk there for a while before asking questions, as people expect a certain style of question formatting and some degree of research from someone in a related professional field prior to asking questions.

[1] - <a href="https://security.stackexchange.com/" rel="nofollow noreferrer">https://security.stackexchange.com/</a>

[2] - <a href="https://serverfault.com/" rel="nofollow noreferrer">https://serverfault.com/</a>

[3] - <a href="https://stackoverflow.com/" rel="nofollow noreferrer">https://stackoverflow.com/</a>