Ask HN: Best (practical) books on web security?
I would like to learn more about topics like:
- DMZ
- bastion hosts (should we use them? Why or why not)
- ssh
- best practices
in the context of web development on the cloud. I've found a lot of material but they are very cloud-focused (aws/gcp security, for example) or rely a lot on Kubernetes (which I'm not using). I'm a solo-developer maintaining a simple Saas and I would like to keep it (more) secure than it is right now. You mention web security in the title and that normally means web application security, but the body of your question talks about network security. Which of the two do you care about more? There won't be a book that covers both. For network security—which is what I think you're asking for—I think you will enjoy Practical Cloud Security, by Chris Dotson: https://www.amazon.com/Practical-Cloud-Security-Secure-Deplo... OWASP is a good place to start for Web application security