Best Defensive books

Security Chaos Engineering

Sustaining Resilience in Software and Systems

Kelly Shortridge and Aaron Rinehart on treating security as a property of complex adaptive systems: instead of preventing failure, you continuously simulate it, and design the organization to learn from each result.

Designing Secure Software

A Guide for Developers

Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

Building Secure and Reliable Systems

Best Practices for Designing, Implementing, and Maintaining Systems

Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.

Security Engineering

A Guide to Building Dependable Distributed Systems

Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.

Threat Modeling

Designing for Security

Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

The Practice of Network Security Monitoring

Understanding Incident Detection and Response

Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.

Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software

Still the gold standard textbook for static and dynamic malware analysis on Windows.

Evasive Malware

A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats

Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.

Intelligence-Driven Incident Response

Outwitting the Adversary

A practitioner's guide to wiring threat intelligence into the incident response loop, built around the F3EAD cycle rather than tool-of-the-week tutorials.

Cybersécurité

Analyser les risques, mettre en œuvre les solutions

Solange Ghernaouti's broad academic survey of cybersecurity — risk analysis, governance, technical and legal dimensions — the standard French university reference, now in its 7th edition.

How Cybersecurity Really Works

A Hands-On Guide for Total Beginners

Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.

Practical Linux Forensics

A Guide for Digital Investigators

Bruce Nikkel's reference for forensic analysts working post-mortem on Linux images: filesystems, journaling, logs, persistence locations, and the chain of custody discipline around them.

Web Security for Developers

Real Threats, Practical Defense

Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.

Foundations of Information Security

A Straightforward Introduction

Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.

Network Security Through Data Analysis

From Data to Action

Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.

Practical Packet Analysis

Using Wireshark to Solve Real-World Network Problems

Chris Sanders' working manual for Wireshark, geared at troubleshooting and incident response rather than abstract protocol theory. Updated for Wireshark 2.x.

Zero Trust Networks

Building Secure Systems in Untrusted Networks

Evan Gilman and Doug Barth's pre-marketing-bubble treatment of zero-trust architecture — what it is when you actually implement it (trust evaluation, device identity, dynamic policy) versus what the vendor pitch turned it into.

Sécurité et espionnage informatique

Connaissance de la menace APT et du cyberespionnage

A technical French guide to advanced persistent threats and cyber-espionage — how APT campaigns work, how to detect them, and how to defend — by one of France's APT specialists.

Incident Response and Computer Forensics

Luttgens, Pepe, and Mandia's working playbook for running an enterprise IR engagement: pre-engagement readiness, evidence acquisition, network and host forensics, and the project-management discipline that separates a controlled response from a panic.

Applied Network Security Monitoring

Collection, Detection, and Analysis

A practitioner's walkthrough of building an NSM capability end to end, from deciding what to collect through detection and the analysis workflow that ties it together. The tooling is dated, but the way it teaches you to think about monitoring is not.

Sécurité informatique

Principes et méthodes à l'usage des DSI, RSSI et administrateurs

A principles-first treatment of information security for DSI, RSSI and sysadmins — architecture, cryptography, network defence and security policy — from two veteran French practitioners.

Cryptography Engineering

Design Principles and Practical Applications

A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.

Linux Firewalls

Attack Detection and Response with iptables, psad, and fwsnort

Michael Rash, author of psad and fwsnort, on building and operating Linux-native packet filtering and intrusion-response tooling. Pre-nftables in detail but conceptually durable.

Cyberjutsu

Cybersecurity for the Modern Ninja

Ben McCarty maps declassified medieval ninja scrolls onto modern adversary tradecraft. More analogy-driven than technical, useful for security-program framing.

Intelligence artificielle, cybersécurité et cyberdéfense

An academic examination of how artificial intelligence reshapes cybersecurity and cyberdefence — opportunities, threats and strategic implications — by France's most prolific cyberwar scholar.

Tableaux de bord de la sécurité réseau

A practitioner's manual for measuring and steering network security — metrics, dashboards, monitoring and risk indicators — for the people who run security operations.