Alice and Bob Learn Application Security vs Linux Basics for Hackers: Which Should You Read?

Two cybersecurity books on Foundations, compared honestly: who each is for, what each does best, and which to read first.

Tanya Janca's hands-on AppSec primer covering threat modeling, secure design, secure coding, testing, deployment, and the social side of running an AppSec program — through a friendly, narrative-driven structure.

Beginner
4/5
2025
Linux Basics for Hackers

Getting Started with Networking, Scripting, and Security in Kali

OccupyTheWeb

OccupyTheWeb's introduction to Linux from the angle that hackers and pentesters actually need it: shells, networking, scripting, and Kali tooling.

Read this if

Alice and Bob Learn Application Security: Software developers, junior AppSec engineers, and security champions who need a single, friendly book that covers the AppSec lifecycle without assuming security knowledge. Excellent as the first book to hand to a developer asked to lead AppSec for their team.

Linux Basics for Hackers: Beginners with no Linux background who need just enough fluency to follow security tutorials, run security tools, and not get lost. Required prerequisite for most pentest, OSCP, and CTF starting paths.

Skip this if

Alice and Bob Learn Application Security: Senior AppSec professionals who already have the lifecycle internalized; the book is a primer by design. Also relatively light on cloud-native AppSec specifics (IaC scanning, supply-chain attestation), which Janca's later writing covers more deeply.

Linux Basics for Hackers: Anyone who already uses Linux daily. The book is intentionally introductory; experienced users will find every chapter familiar.

Key takeaways

Alice and Bob Learn Application Security

  • AppSec is a lifecycle discipline, not a scanning discipline; Janca's structure makes that argument by walking through each stage with concrete examples.
  • Most AppSec wins come from secure design and developer-relations work, not from finding more bugs at the end of the SDLC.
  • The book's tone is its underrated strength — many developers will finish this book; very few will finish a more formal AppSec textbook.

Linux Basics for Hackers

  • Linux fluency for security work is a small, finite skill: shell, file ops, services, networking commands, basic scripting. The book covers exactly that and nothing more.
  • Type every command. The book is muscle-memory training disguised as a reference; passive reading wastes the time.
  • Kali is a defaults-and-tooling distro, not a different OS; understanding base Linux means you'll never be confused when the tool isn't pre-installed.

How they compare

Alice and Bob Learn Application Security and Linux Basics for Hackers are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

Alice and Bob Learn Application Security and Linux Basics for Hackers both cover Foundations, so reading them in sequence reinforces the same material from different angles.
