Cyber Shelf

// What to read next

What to read after The Mobile Application Hacker's Handbook

Where to go after The Mobile Application Hacker's Handbook, picked from our catalog. The next step up from intermediate level, weighted toward the topics this book covers.

MobileAppSecPentesting

  1. 01 · 2016

    iOS Application Security

    David Thiel on attacking and defending iOS apps: the platform sandbox, IPC surfaces, keychain semantics, transport security, and the patterns that introduce real bugs.

    Intermediate
    3/5David Thiel

  2. 02 · 2006

    The Art of Software Security Assessment

    The 1200-page reference on auditing C/C++ codebases for security: parsing complex memory and integer interactions, language pitfalls, and how vulnerabilities arise from interactions between layers.

    Advanced
    5/5Mark Dowd, John McDonald, Justin Schuh

  3. 03 · 2011

    The Tangled Web

    The deepest book ever written on the strange, accreted security model of the web browser.

    Advanced
    5/5Michal Zalewski

  4. 04 · 2014

    Android Security Internals

    Nikolay Elenkov on the actual implementation of Android's security model: package manager internals, permissions, keystore, SELinux integration, verified boot.

    Advanced
    4/5Nikolay Elenkov

  5. 05 · 2022

    Gray Hat Hacking

    A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.

    Advanced
    4/5Allen Harper, Ryan Linn, Stephen Sims, Michael Baucom, Daniel Fernandez, Huascar Tejeda, Moses Frost

  6. 06 · 2017

    Advanced Penetration Testing

    A red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.

    Advanced
    3/5Wil Allsopp

  7. 07 · 2005

    The Database Hacker's Handbook

    Litchfield, Anley, Heasman, and Grindlay's exhaustive 2005 reference on attacking and defending Oracle, SQL Server, DB2, MySQL, PostgreSQL, Sybase, and Informix — the era when the database engine itself was the soft target.

    Advanced
    3/5David Litchfield, Chris Anley, John Heasman, Bill Grindlay

  8. 08 · 2021

    Real-World Cryptography

    David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

    Intermediate
    5/5David Wong
Back to The Mobile Application Hacker's HandbookAlternatives to The Mobile Application Hacker's Handbook