Best cybersecurity books from 2023
8 cybersecurity books published in 2023, ranked by rating. Each entry is an opinionated review with who the book is for.
01 · 2023
Security Chaos Engineering
Sustaining Resilience in Software and Systems
Kelly Shortridge and Aaron Rinehart on treating security as a property of complex adaptive systems: instead of preventing failure, you continuously simulate it, and design the organization to learn from each result.
Advanced · 5/5 · Kelly Shortridge, Aaron Rinehart
02 · 2023
A Hacker's Mind
How the Powerful Bend Society's Rules, and How to Bend Them Back
Bruce Schneier extends the security-engineering frame of "hacking" to law, finance, politics, and tax: every rule-based system has exploitable seams, and the wealthy and powerful exploit them constantly.
Beginner · 4/5 · Bruce Schneier
03 · 2023
Black Hat GraphQL
Attacking Next Generation APIs
Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.
Intermediate · 4/5 · Nick Aleks, Dolev Farhi
04 · 2023
Fancy Bear Goes Phishing
The Dark History of the Information Age, in Five Extraordinary Hacks
Five famous hacks used as a way into the deeper question of why software is insecure at all, written by a Yale law professor who learned to code to write it. More a history and theory of vulnerability than a how-to.
Beginner · 4/5 · Scott J. Shapiro
05 · 2023
Intelligence-Driven Incident Response
Outwitting the Adversary
A practitioner's guide to wiring threat intelligence into the incident response loop, built around the F3EAD cycle rather than tool-of-the-week tutorials.
Intermediate · 4/5 · Scott J. Roberts, Rebekah Brown
06 · 2023
Pegasus
How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy
The inside story of the Forbidden Stories investigation into NSO Group's Pegasus spyware, told by the journalists who ran it. The best narrative account of what commercial zero-click surveillance actually does to its targets.
Beginner · 4/5 · Laurent Richard, Sandrine Rigaud
07 · 2023
Cybercriminalité
Comprendre, prévenir, réagir
Solange Ghernaouti's structured treatment of cybercrime — how it works, how to prevent it, how to respond — spanning technical, legal and organisational angles.
Intermediate · 3/5 · Solange Ghernaouti
08 · 2023
Exercices et problèmes de cryptographie
A rigorous problem book for learning cryptography — over 150 corrected exercises with course summaries, for L3/master/engineering students — by a French academic cryptographer.
Advanced · 3/5 · Damien Vergnaud