The best application security books for builders

Who am I?

Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.


I wrote...

Threat Modeling: Designing for Security

By Adam Shostack,

Book cover of Threat Modeling: Designing for Security

What is my book about?

How to anticipate and address software threats before you’ve written a line of code. The proven tools in this book can be applied by anyone. They give you a structured and systematic approach that are be applied at any scale – from a website built with CI/CD to complex waterfall projects like spacecraft.

This book captures years of experience in a simple, accessible, and practical way.

Shepherd is reader supported. When you buy books, we may earn an affiliate commission.

The books I picked & why

Book cover of Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems

Adam Shostack Why did I love this book?

This book captures lessons from many authors at Google, some of whom I’ve worked with over the years. The chapters on availability (7, 8, 9) were a revelation to me. I had no idea how Google approaches the topic of resilience and recovery in their systems, and I now think of the whole topic very differently. The biggest takeaway is how to think about the design of systems.

By Heather Adkins, Betsy Beyer, Paul Blankinship , Ana Oprea , Adam Stubblefield

Why should I read it?

1 author picked Building Secure and Reliable Systems as one of their favorite books, and they share why you should read it.

What is this book about?

Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.

Two previous O'Reilly books from Google-Site Reliability Engineering and The Site Reliability Workbook-demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain…


Book cover of Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

Adam Shostack Why did I love this book?

When I worked in application security at Microsoft, we still had products that shipped every few years. I learned to scale application security in that world, but many people live in a different world now. AAS helped me understand which of our approaches translated well, which had to be transformed, and which needed to be discarded or replaced. I regularly refer back to it, even a few years later.

By Laura Bell, Michael Brunton-Spall, Rich Smith , Jim Bird

Why should I read it?

1 author picked Agile Application Security as one of their favorite books, and they share why you should read it.

What is this book about?

Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.

Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with…


Book cover of Designing Secure Software: A Guide for Developers

Adam Shostack Why did I love this book?

Loren’s been contributing to security for over 40 years, and this book captures his hard-won wisdom in a way that’s both humble and accessible. It scales from principles and design approaches to in-depth explanations of exactly how things go wrong and how to avoid those problems. (Also, I was honored to write the foreword.)

By Loren Kohnfelder,

Why should I read it?

1 author picked Designing Secure Software as one of their favorite books, and they share why you should read it.

What is this book about?

Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts. The second part, perhaps this book's most important contribution, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written…


Book cover of Leading Change

Adam Shostack Why did I love this book?

As we move to a world in which security is everyone’s job, we have to understand that’s a change in what we expect of people, and change is hard. This book is short and actionable and will help security pros understand the changes that need to happen. Unlike a lot of business books, it’s not full of platitudes or repetition. Even when we’re not actively leading change, understanding the challenges leaders face enables us to plan and participate better to achieve our goals.

By John P. Kotter,

Why should I read it?

2 authors picked Leading Change as one of their favorite books, and they share why you should read it.

What is this book about?

The international bestseller--now with a new preface by author John Kotter. Millions worldwide have read and embraced John Kotter's ideas on change management and leadership. From the ill-fated dot-com bubble to unprecedented M&A activity to scandal, greed, and ultimately, recession--we've learned that widespread and difficult change is no longer the exception. It's the rule. Now with a new preface, this refreshed edition of the global bestseller Leading Change is more relevant than ever. John Kotter's now-legendary eight-step process for managing change with positive results has become the foundation for leaders and organizations across the globe. By outlining the process every…


Book cover of Flying Blind: The 737 Max Tragedy and the Fall of Boeing

Adam Shostack Why did I love this book?

Boeing used to be a paragon of how engineering-driven companies could deliver amazing products and amazing profits. This book chronicles how that changed, and how Boeing lost its guiding principles. It shows how prioritizing the stock price over the business or the people who flew in its planes led to decisions that literally killed hundreds of people. Engineering concerns were regularly set aside for schedule or cost reasons. Most of us don’t work on products whose failures cause hundreds of deaths, but there’s an important lesson about being proud of the work you do and the products you deliver, and how that can make for a great business.

By Peter Robison,

Why should I read it?

1 author picked Flying Blind as one of their favorite books, and they share why you should read it.

What is this book about?

NEW YORK TIMES BUSINESS BESTSELLER • A suspenseful behind-the-scenes look at the dysfunction that contributed to one of the worst tragedies in modern aviation: the 2018 and 2019 crashes of the Boeing 737 MAX.

An "authoritative, gripping and finely detailed narrative that charts the decline of one of the great American companies" (New York Times Book Review), from the award-winning reporter for Bloomberg.

Boeing is a century-old titan of industry. It played a major role in the early days of commercial flight, World War II bombing missions, and moon landings. The planemaker remains a cornerstone of the U.S. economy, as…


You might also like...

From Side Hustle to Main Hustle to Millionaire: 13 Lessons to Turn Your Passion Into a Passive Paycheck

By Ryan Scribner,

Book cover of From Side Hustle to Main Hustle to Millionaire: 13 Lessons to Turn Your Passion Into a Passive Paycheck

Ryan Scribner Author Of From Side Hustle to Main Hustle to Millionaire: 13 Lessons to Turn Your Passion Into a Passive Paycheck

New book alert!

Who am I?

I’ve been trying to make money on the internet since I was 12. While it took me many failed attempts to eventually figure out how, I succeeded with this goal in 2016. I launched a YouTube channel related to one of my lifelong passions; personal finance. From there, I broadened my horizons by creating multiple standalone affiliate blogs unrelated to my YouTube channel. Every one of my successes and failures has taught me valuable lessons about the side hustle journey.

Ryan's book list on how to get a side hustle started

What is my book about?

It's time to quit your day job. Anyone with the desire can start a side hustle, and there are more opportunities now than ever before. YouTube personality and personal finance guru Ryan Scribner went from a dead-end job to the limitless potential of self-employment by harnessing the power of the side hustle.

In this guide to gaining financial freedom, Ryan shares his lessons for success—and shares common pitfalls to avoid. Learn how to build a successful side business that you can grow into your main source of income over time.

From Side Hustle to Main Hustle to Millionaire: 13 Lessons to Turn Your Passion Into a Passive Paycheck

By Ryan Scribner,

What is this book about?

Your side hustle is waiting-get started!

Anyone with the desire can start a side hustle, and there are more opportunities now than ever before. In 2017, YouTube personality and personal finance guru Ryan Scribner quit his day job to focus exclusively on his side hustle. By 2021, at the age of 26, he had become a millionaire. From Side Hustle to Main Hustle to Millionaire tells Ryan's story of transitioning from the 9-to-5 grind to a liberating and lucrative career as a self-employed business owner-and gives you the tools to launch a side hustle too.

In 13 simple lessons, Ryan…


5 book lists we think you will like!

Interested in computer security, computer networks, and leadership?

9,000+ authors have recommended their favorite books and what they love about them. Browse their picks for the best books about computer security, computer networks, and leadership.

Computer Security Explore 23 books about computer security
Computer Networks Explore 9 books about computer networks
Leadership Explore 347 books about leadership