Is there a book out there, or any other type of resource (website, video series, online course...) about practical security for (web?) application developers, that is highly regarded as a good overview of the field?
I'm looking for something similar to Designing Data-Intensive Applications, that is able to present the theory and protocols in an accessible manner, how those concepts are implemented in state-of-the-art products and libraries, and how to understand the tradeoffs of picking one over the other.
Either centered on authentication and authorization (SSO, OAuth, SAML, OpenID Connect, bearer authentication, JWT, etc.), or ideally more generally discussing the main security concepts that you encounter day-to-day as an application developer: encryption, hashing, salting, signature, certificates, etc.
I've found some books but none particularly stands out.