What are, in your opinions, the best web security books available for a web developer today?<p>The kind you would have on your desk along your Rails/Django/JS classics when building a web app with your team?
I'd also like to know Security 101 for web developers.<p>In a recent appsec thread, there were two books that a lot of people recommended:<p><a href="http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886" rel="nofollow">http://www.amazon.com/The-Tangled-Web-Securing-Applications/...</a><p><a href="http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470" rel="nofollow">http://www.amazon.com/The-Web-Application-Hackers-Handbook/d...</a><p><a href="https://news.ycombinator.com/item?id=5862102" rel="nofollow">https://news.ycombinator.com/item?id=5862102</a>
We're a software security firm, and when promising candidates reach out to us and tell us they're worried that they don't have a lot of exposure to web app security, we buy them _The Web App Hackers Handbook_ (I invariably apologize for the stupid title) and _The Tangled Web_.
I think a lot of those security checklist things are a good guidemap of what you need to do. Then add to that a security book specific to your application's programming language(s)<p>Heres one, there are plenty more:
<a href="http://www.techrepublic.com/blog/security/ensure-basic-web-site-security-with-this-checklist/424" rel="nofollow">http://www.techrepublic.com/blog/security/ensure-basic-web-s...</a>