// What to read next

What to read after Alice and Bob Learn Application Security

Where to go after Alice and Bob Learn Application Security, picked from our catalog. The next step up from beginner level, weighted toward the topics this book covers.

  1. 01 · 2021

    Real-World Cryptography

    David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

    Intermediate
    5/5 · David Wong
  2. 02 · 2005

    Reversing

    The book that taught a generation how software actually looks once you strip away the source. Still the clearest on-ramp to thinking in assembly, even with dated tools.

    Intermediate
    4/5 · Eldad Eilam
  3. 03 · 2018

    Social Engineering

    Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.

    Intermediate
    4/5 · Christopher Hadnagy
  4. 04 · 2010

    Understanding Cryptography

    A genuinely teachable intro to modern cryptography that derives the math instead of hand-waving it, covering symmetric and public-key primitives without drowning you in proofs.

    Intermediate
    4/5 · Christof Paar, Jan Pelzl
  5. 05 · 2021

    Designing Secure Software

    Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

    Intermediate
    5/5 · Loren Kohnfelder
  6. 06 · 2014

    Threat Modeling

    Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

    Intermediate
    5/5 · Adam Shostack
  7. 07 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5 · Nick Aleks, Dolev Farhi
  8. 08 · 2020

    Container Security

    Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.

    Intermediate
    4/5 · Liz Rice