Cyber Shelf

// What to read next

What to read after Alice and Bob Learn Application Security

Where to go after Alice and Bob Learn Application Security, picked from our catalog. The next step up from beginner level, weighted toward the topics this book covers.

AppSecFoundationsDevSecOps

  1. 01 · 2021

    Real-World Cryptography

    David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

    Intermediate
    5/5David Wong

  2. 02 · 2018

    Social Engineering

    Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.

    Intermediate
    4/5Christopher Hadnagy

  3. 03 · 2021

    Designing Secure Software

    Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

    Intermediate
    5/5Loren Kohnfelder

  4. 04 · 2014

    Threat Modeling

    Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

    Intermediate
    5/5Adam Shostack

  5. 05 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5Nick Aleks, Dolev Farhi

  6. 06 · 2020

    Container Security

    Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.

    Intermediate
    4/5Liz Rice

  7. 07 · 2010

    Cryptography Engineering

    A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.

    Intermediate
    4/5Niels Ferguson, Bruce Schneier, Tadayoshi Kohno

  8. 08 · 2022

    Hacking APIs

    Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

    Intermediate
    4/5Corey J. Ball
Back to Alice and Bob Learn Application SecurityAlternatives to Alice and Bob Learn Application Security