Cyber Shelf

// What to read next

What to read after The Tangled Web

Where to go after The Tangled Web, picked from our catalog. The next step up from advanced level, weighted toward the topics this book covers.

Web SecurityBrowser InternalsAppSec

  1. 01 · 2006

    The Art of Software Security Assessment

    The 1200-page reference on auditing C/C++ codebases for security: parsing complex memory and integer interactions, language pitfalls, and how vulnerabilities arise from interactions between layers.

    Advanced
    5/5Mark Dowd, John McDonald, Justin Schuh

  2. 02 · 2005

    The Database Hacker's Handbook

    Litchfield, Anley, Heasman, and Grindlay's exhaustive 2005 reference on attacking and defending Oracle, SQL Server, DB2, MySQL, PostgreSQL, Sybase, and Informix — the era when the database engine itself was the soft target.

    Advanced
    3/5David Litchfield, Chris Anley, John Heasman, Bill Grindlay

  3. 03 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5Nick Aleks, Dolev Farhi

  4. 04 · 2022

    Hacking APIs

    Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

    Intermediate
    4/5Corey J. Ball

  5. 05 · 2011

    The Web Application Hacker's Handbook

    The exhaustive reference for web app pentesting, comprehensive but increasingly a historical document.

    Intermediate
    4/5Dafydd Stuttard, Marcus Pinto

  6. 06 · 2017

    Attacking Network Protocols

    James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

    Advanced
    5/5James Forshaw

  7. 07 · 2020

    Building Secure and Reliable Systems

    Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.

    Advanced
    5/5Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield

  8. 08 · 2009

    Les virus informatiques : théorie, pratique et applications

    Éric Filiol's reference French-language treatment of computer virology. Formal theory, infection mechanisms, offensive and defensive applications, with academic rigor rare on the topic.

    Advanced
    5/5Éric Filiol
Back to The Tangled WebAlternatives to The Tangled Web