Reddit reviews Iron-Clad Java: Building Secure Web Applications (Oracle Press)
We found 2 Reddit comments about Iron-Clad Java: Building Secure Web Applications (Oracle Press). Here are the top ones, ranked by their Reddit score.
I'm a big fan of this one for Java. It seems like it's just what you're looking for too. Note that it has some flaws though.
This is also an excellent resource.
I'd like to preface this by saying that I am certainly not the world's greatest security expert and that there are many people who are more qualified to speak to this matter. Hopefully some of them will see your post and chime in.
In my experience, the less complex the product is, the easier it is to both maintain and secure. Therefore, knowing what you're building and how to build it gives you much better control over the security of it. Unless you're a part of an extremely tight-knit team that includes your SysOps and DevOps people or you're developing the product and the product's host environment by yourself, then there will always be aspects of security outside of your control. However, putting time and effort into the security of the product itself is typically a rewarding investment.
Books:
This book is focused on introducing security considerations into the phases of the SDLC. The information in this book is a bit more advanced than Security Software (included below) but not inaccessible to a beginner. Understanding architectural risk analysis is a valuable skill in any tech environment.
I would say this book is a must-have if you develop any sort of Java web app or API. The authors manage to cover a lot of territory in a very understandable format.
Another book that is primarily aimed at introducing security into each phase of the SDLC. When I first started working in software development I found it extremely helpful at convincing some "old guard" types why red teaming products is extremely valuable. You may want to read this before reading Threat Modeling.
Networking is definitely not my strongest skill but this book breaks down some concepts of network monitoring and threat detection in ways that are easy to understand.