This practical guide provides both defensive and offensive security concepts that software engineers can easily learn and apply. Andrew Hoffman, a product security lead at Salesforce, introduces three pillars of web application security: recon, offense, and defense.