Security Attacks Every Engineer Should Know: A Field Guide to the Techniques Attackers Actually Use
A structural, named-technique-by-named-technique walkthrough of the attacks a modern web application has to defend against — injection, authentication flaws, XSS, CSRF, IDOR, SSRF, deserialization, race conditions, supply-chain attacks, and more — with how each works and what to do about it.
Security, Architecture, OWASP