Just finished this book and it made me realize that my team was having endless discussion about the wrong topic - mostly crypto security. Having simple basic security about forging content was not on the radar, input sanitization is still thought to be the responsibility of whatever framework... at least we know where and what to look for.