Cyber Shelf

// Prerequisites

What to read before Real-World Cryptography

If Real-World Cryptography feels too steep at intermediate level, here is what to read first. Lighter books in the same topics that build the prerequisites this one assumes.

CryptographyAppSec

  1. 01 · 2024

    Serious Cryptography

    Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.

    Intermediate
    5/5Jean-Philippe Aumasson

  2. 02 · 2010

    Cryptography Engineering

    A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.

    Intermediate
    4/5Niels Ferguson, Bruce Schneier, Tadayoshi Kohno

  3. 03 · 2020

    Alice and Bob Learn Application Security

    Tanya Janca's hands-on AppSec primer covering threat modeling, secure design, secure coding, testing, deployment, and the social side of running an AppSec program — through a friendly, narrative-driven structure.

    Beginner
    4/5Tanya Janca

  4. 04 · 2021

    Crypto Dictionary

    Jean-Philippe Aumasson's alphabetical, opinionated reference on cryptographic terms, primitives, attacks and folklore. Snack-format companion to Serious Cryptography.

    Beginner
    4/5Jean-Philippe Aumasson

  5. 05 · 2020

    Web Security for Developers

    Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.

    Beginner
    4/5Malcolm McDonald

  6. 06 · 2021

    Designing Secure Software

    Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

    Intermediate
    5/5Loren Kohnfelder

  7. 07 · 2014

    Threat Modeling

    Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

    Intermediate
    5/5Adam Shostack

  8. 08 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5Nick Aleks, Dolev Farhi
Back to Real-World CryptographyWhat to read after Real-World Cryptography