Like many C.S. graduates, my education was theory heavy and practice light. I have spent much of the past few years rapidly building out missing areas of expertise to fulfill an increasingly wide pool of presumed knowledge. But one of the areas I have found difficult to get a handle on is security.

Would anyone here be willing to offer recommended reading? I regularly work with SSH, SSL/TLS, HTTPS, LDAP, AD, and OAuth with only cursory knowledge of any of them. I would be grateful for any guides that provide context for why these technologies exist and what best practices look like.

Thank you for any help you can provide.