Hi folks. I've been reviewing/looking at job posts recently and I've always wondered, how do people get better at securing their app? I can read books about it (Also, what are your book/blog recommendations?), but how do I practice? I know the basic stuff like SQL injection and XSS scripting, never trusting what the user is going to send, but any tactics/strategy to get better at this (or to at least consciously think of when programming/designing software)? I'm a web developer.