This is a bit of shameless self-promotion (well, my publisher asked me to), but I wonder if you would be willing to add a link to my book, API Security in Action? (I can send you a link for a free copy if you want to read it first - it is still in "early access" so not complete yet).
It has a chapter on basic secure application development techniques, and then chapters covering CSRF, etc. It covers JWT because it is hard not to, but is clear to point out the security weaknesses and covers alternatives like Macaroons and Paseto :-) (I also mention CipherSweet in a section on database hardening, so Paragon IE is well covered...)
I'd definitely be interested in reading this book but we have a strict policy of "always pay creators" (which includes artists) so I'll have to turn down the free copy.
This is a bit of shameless self-promotion (well, my publisher asked me to), but I wonder if you would be willing to add a link to my book, API Security in Action? (I can send you a link for a free copy if you want to read it first - it is still in "early access" so not complete yet).
It has a chapter on basic secure application development techniques, and then chapters covering CSRF, etc. It covers JWT because it is hard not to, but is clear to point out the security weaknesses and covers alternatives like Macaroons and Paseto :-) (I also mention CipherSweet in a section on database hardening, so Paragon IE is well covered...)