Cyber Shelf

// Alternatives

Alternatives to The Database Hacker's Handbook

Books in our catalog with overlapping topics and a similar reading level to The Database Hacker's Handbook. If The Database Hacker's Handbook is the wrong fit at advanced level, start here.

DatabasesAppSecExploitation

  1. 01 · 2021

    Real-World Cryptography

    David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

    Intermediate
    5/5David Wong

  2. 02 · 2011

    The Tangled Web

    The deepest book ever written on the strange, accreted security model of the web browser.

    Advanced
    5/5Michal Zalewski

  3. 03 · 2006

    The Art of Software Security Assessment

    The 1200-page reference on auditing C/C++ codebases for security: parsing complex memory and integer interactions, language pitfalls, and how vulnerabilities arise from interactions between layers.

    Advanced
    5/5Mark Dowd, John McDonald, Justin Schuh

  4. 04 · 2022

    Gray Hat Hacking

    A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.

    Advanced
    4/5Allen Harper, Ryan Linn, Stephen Sims, Michael Baucom, Daniel Fernandez, Huascar Tejeda, Moses Frost

  5. 05 · 2009

    The Mac Hacker's Handbook

    Charlie Miller and Dino Dai Zovi's 2009 deep dive into the Mac OS X exploit landscape — Mach-O, IPC, sandboxing as it then existed, and the early-Intel-Mac exploitation chains.

    Advanced
    3/5Charlie Miller, Dino Dai Zovi

  6. 06 · 2021

    Designing Secure Software

    Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

    Intermediate
    5/5Loren Kohnfelder

  7. 07 · 2014

    Threat Modeling

    Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

    Intermediate
    5/5Adam Shostack

  8. 08 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5Nick Aleks, Dolev Farhi

  9. 09 · 2022

    Hacking APIs

    Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

    Intermediate
    4/5Corey J. Ball

  10. 10 · 2011

    The Web Application Hacker's Handbook

    The exhaustive reference for web app pentesting, comprehensive but increasingly a historical document.

    Intermediate
    4/5Dafydd Stuttard, Marcus Pinto
Back to The Database Hacker's HandbookWhat to read after The Database Hacker's Handbook