Cyber Shelf

// Alternatives

Alternatives to Designing Secure Software

Books in our catalog with overlapping topics and a similar reading level to Designing Secure Software. If Designing Secure Software is the wrong fit at intermediate level, start here.

AppSecDefensiveThreat Modeling

  1. 01 · 2014

    Threat Modeling

    Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

    Intermediate
    5/5Adam Shostack

  2. 02 · 2010

    Cryptography Engineering

    A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.

    Intermediate
    4/5Niels Ferguson, Bruce Schneier, Tadayoshi Kohno

  3. 03 · 2021

    Real-World Cryptography

    David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

    Intermediate
    5/5David Wong

  4. 04 · 2020

    Web Security for Developers

    Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.

    Beginner
    4/5Malcolm McDonald

  5. 05 · 2013

    The Practice of Network Security Monitoring

    Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.

    Intermediate
    5/5Richard Bejtlich

  6. 06 · 2012

    Practical Malware Analysis

    Still the gold standard textbook for static and dynamic malware analysis on Windows.

    Intermediate
    5/5Michael Sikorski, Andrew Honig

  7. 07 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5Nick Aleks, Dolev Farhi

  8. 08 · 2022

    Hacking APIs

    Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

    Intermediate
    4/5Corey J. Ball

  9. 09 · 2021

    Practical Linux Forensics

    Bruce Nikkel's reference for forensic analysts working post-mortem on Linux images: filesystems, journaling, logs, persistence locations, and the chain of custody discipline around them.

    Intermediate
    4/5Bruce Nikkel

  10. 10 · 2017

    Network Security Through Data Analysis

    Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.

    Intermediate
    4/5Michael Collins
Back to Designing Secure SoftwareWhat to read after Designing Secure Software