// What to read next

What to read after Threat Modeling

Where to go after Threat Modeling, picked from our catalog. These picks are the next step up from intermediate level, weighted toward the topics this book covers.

  1. 01 · 2021

    Designing Secure Software

    Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

    Intermediate
    5/5 · Loren Kohnfelder
  2. 02 · 2010

    Cryptography Engineering

    A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.

    Intermediate
    4/5 · Niels Ferguson, Bruce Schneier, Tadayoshi Kohno
  3. 03 · 2020

    Building Secure and Reliable Systems

    Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.

    Advanced
    5/5 · Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
  4. 04 · 2023

    Security Chaos Engineering

    Kelly Shortridge and Aaron Rinehart on treating security as a property of complex adaptive systems: instead of preventing failure, you continuously simulate it, and design the organization to learn from each result.

    Advanced
    5/5 · Kelly Shortridge, Aaron Rinehart
  5. 05 · 2020

    Security Engineering

    Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.

    Advanced
    5/5 · Ross Anderson
  6. 06 · 2006

    The Art of Software Security Assessment

    The 1200-page reference on auditing C/C++ codebases for security: parsing complex memory and integer interactions, language pitfalls, and how vulnerabilities arise from interactions between layers.

    Advanced
    5/5 · Mark Dowd, John McDonald, Justin Schuh
  7. 07 · 2011

    The Tangled Web

    The deepest book ever written on the strange, accreted security model of the web browser.

    Advanced
    5/5 · Michal Zalewski
  8. 08 · 2024

    Evasive Malware

    Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.

    Advanced
    4/5 · Kyle Cucci