Cyber Shelf

// Alternatives

Alternatives to Real-World Cryptography

Books in our catalog with overlapping topics and a similar reading level to Real-World Cryptography. If Real-World Cryptography is the wrong fit at intermediate level, start here.

CryptographyAppSec

  1. 01 · 2024

    Serious Cryptography

    Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.

    Intermediate
    5/5Jean-Philippe Aumasson

  2. 02 · 2010

    Cryptography Engineering

    A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.

    Intermediate
    4/5Niels Ferguson, Bruce Schneier, Tadayoshi Kohno

  3. 03 · 2021

    Designing Secure Software

    Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

    Intermediate
    5/5Loren Kohnfelder

  4. 04 · 2014

    Threat Modeling

    Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

    Intermediate
    5/5Adam Shostack

  5. 05 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5Nick Aleks, Dolev Farhi

  6. 06 · 2022

    Hacking APIs

    Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

    Intermediate
    4/5Corey J. Ball

  7. 07 · 2011

    The Web Application Hacker's Handbook

    The exhaustive reference for web app pentesting, comprehensive but increasingly a historical document.

    Intermediate
    4/5Dafydd Stuttard, Marcus Pinto

  8. 08 · 2016

    iOS Application Security

    David Thiel on attacking and defending iOS apps: the platform sandbox, IPC surfaces, keychain semantics, transport security, and the patterns that introduce real bugs.

    Intermediate
    3/5David Thiel

  9. 09 · 2015

    The Mobile Application Hacker's Handbook

    Chell, Erasmus, Colley, and Whitehouse's reference on iOS and Android application security from the early-mid 2010s — runtime hooking, transport security, IPC abuse, and the platform-specific surface of mobile pentesting.

    Intermediate
    3/5Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehouse

  10. 10 · 2020

    Security Engineering

    Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.

    Advanced
    5/5Ross Anderson
Back to Real-World CryptographyWhat to read after Real-World Cryptography