In an ideal world, we would catch all vulnerabilities during the earlier stages of the software development life cycle (SDLC) and fix them before deploying our web applications in production. However, this is often unattainable due to applications relying on external projects (software supply chain), not to mention potential issues within our own code. This is why it's essential to implement additional measures post-deployment to ensure that assets are protected and monitoring systems are in place to respond to suspicious events. Such measures include deploying a WAF, RASP, EDR/XDR, and native sandboxing solutions. Unfortunately, even with these solutions in place, guaranteed security remains elusive. This is the central theme of the book below, which I have just begun and will continuously update with the latest findings, practices, etc.
