// What to read next
What to read after Black Hat GraphQL
Where to go after Black Hat GraphQL, picked from our catalog. The next step up from intermediate level, weighted toward the topics this book covers.
01 · 2022
Hacking APIs
Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.
Intermediate · 4/5 · Corey J. Ball
02 · 2011
The Web Application Hacker's Handbook
The exhaustive reference for web app pentesting, comprehensive but increasingly a historical document.
Intermediate · 4/5 · Dafydd Stuttard, Marcus Pinto
03 · 2011
The Tangled Web
The deepest book ever written on the strange, accreted security model of the web browser.
Advanced · 5/5 · Michal Zalewski
04 · 2017
Attacking Network Protocols
James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.
Advanced · 5/5 · James Forshaw
05 · 2006
The Art of Software Security Assessment
The 1200-page reference on auditing C/C++ codebases for security: parsing complex memory and integer interactions, language pitfalls, and how vulnerabilities arise from interactions between layers.
Advanced · 5/5 · Mark Dowd, John McDonald, Justin Schuh
06 · 2024
Windows Security Internals
Forshaw takes apart the Windows security model from the SRM and access tokens up through Kerberos, with live PowerShell you can run against your own machine. The most authoritative single source on how Windows actually decides who can do what.
Advanced · 5/5 · James Forshaw
07 · 2024
Evading EDR
A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.
Advanced · 4/5 · Matt Hand
08 · 2007
The Shellcoder's Handbook
A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.
Advanced · 4/5 · Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte