Here are 7 books that Threat Modeling fans have personally recommended if you like
Threat Modeling.
Shepherd is a community of 11,000+ authors and super readers sharing their favorite books with the world.
Shepherd is reader supported. When you buy books, we may earn an affiliate commission.
I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!
When I take this book off my shelf, the probability that I find the answer I'm looking for is very high. Yes, it's a big book, and I'm pretty sure I haven't read every single page yet, but because of its broad coverage of security engineering knowledge, from crypto to real-world processes, it is an invaluable reference for teaching and practical cyber security.
Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than…
I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!
I like embedded systems a lot, but I like hardware attacks on them even more because they represent very powerful attackers! I love the wonderful collection of expert knowledge and practical experience on side-channel analysis, fault attacks, and corresponding countermeasures created by Colin O'Flynn and Jasper van Woudenberg.
When reading through this one, I always remember my time as a PhD student, when my colleagues and I performed several tricky hardware attacks in our lab... That was definitely challenging but also a lot of fun!
The Hardware Hacking Handbook is a deep dive into embedded security, perfect for readers interested in designing, analysing, and attacking devices. You'll start with a crash course in embedded security and hardware interfaces and learn how to set up a test lab. Real-world examples and hands-on labs throughout allow you to explore hardware interfaces and practice various attacks.
I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!
When I first heard about cryptography at university, it sounded like mathematical magic. After looking into some randomly chosen crypto books, I was discouraged from digging deeper because they were full of math details.
Understanding Cryptography was different. It was aimed at engineering students like me, and it provided me with the most relevant facts necessary for designing secure devices. Since then, it has always been a great reference book for me.
Cryptography is now ubiquitous - moving beyond the traditional environments, such as government communications and banking systems, we see cryptographic techniques realized in Web browsers, e-mail programs, cell phones, manufacturing systems, embedded software, smart buildings, cars, and even medical implants. Today's designers need a comprehensive understanding of applied cryptography.
After an introduction to cryptography and data security, the authors explain the main techniques in modern cryptography, with chapters addressing stream ciphers, the Data Encryption Standard (DES) and 3DES, the Advanced Encryption Standard (AES), block ciphers, the RSA cryptosystem, public-key cryptosystems based on the discrete logarithm problem, elliptic-curve cryptography (ECC), digital…
I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!
I love thinking about potential vulnerabilities and threat scenarios in IoT devices, because they are everywhere and they have already gained a significant amount of power.
Practical IoT Hacking is a wonderful read that stimulates my imagination about how to tackle devices and systems, but it doesn’t stop there: it even addresses the practical security analysis needs of my students and me.
Geared towards security researchers, IT teams, and penetration testers, application testers, developers, and IT administrators, this book teaches readers how to get started with hacking Internet connected devices. Readers dig deep into technical (and related legal) issues, as they learn what kinds of devices to use as hacking tools and which make the best targets. The authors, all experts in the field, cover the kinds of vulnerabilities found in IoT devices, explain how to exploit their network protocols, and how to leverage security flaws and certain hardware interfaces found in the physical devices themselves.
I write as Robert J. Lloyd, but my friends call me Rob. Having studied Fine Art at a BA degree level (starting as a landscape painter but becoming a sculpture/photography/installation/performance generalist), I then moved to writing. During my MA degree in The History of Ideas, I happened to read Robert Hooke’s diary, detailing the life and experiments of this extraordinary and fascinating man. My MA thesis and my Hooke & Hunt series of historical thrillers are all about him. I’m fascinated by early science, which was the initial ‘pull’ into writing these stories, but the political background of the times (The Popish Plot and the Exclusion Crisis, for example) is just as enticing.
About WWII codebreaking, the reason this makes my ‘Best 5’ is that, besides being constantly inventive and informative, it’s also very funny. (I’m that shallow.)
There are similarities, I think, with Catch 22, in the plot’s intelligence, absurdity, and dreamlike turns.
I think Stephenson’s character Bobbie Shaftoe, a soldier who carries out counterintelligence deceptions, is hilarious. Also, Stephenson’s use of real historical characters–he presents believable portraits of Alan Turing, Douglas MacArthur, Karl Dönitz, and Hermann Göring, with a walk-on appearance by Albert Einstein–gave me license to do so in my own fiction.
With this extraordinary first volume in an epoch-making masterpiece, Neal Stephenson hacks into the secret histories of nations and the private obsessions of men, decrypting with dazzling virtuosity the forces that shaped this century.
In 1942, Lawrence Pritchard Waterhouse—mathematical genius and young Captain in the U.S. Navy—is assigned to detachment 2702. It is an outfit so secret that only a handful of people know it exists, and some of those people have names like Churchill and Roosevelt. The mission of Waterhouse and Detachment 2702—commanded by Marine Raider Bobby Shaftoe-is to keep the Nazis ignorant of the fact that Allied Intelligence…
I taught myself to code back in 1994 while working the graveyard shift as a geologist in the environmental industry. My job consisted of sitting in a chair during the dark hours of the night in a shopping center in Stockton, CA, watching another geologist take samples from wells in the parking lot. A friend of mine suggested I learn to code because I liked computers. I don’t mean to make this out to be a “it’s so simple anyone can do it!” You need to have a relentless drive to learn, which is why I wrote my book, The Imposter’s Handbook - as an active step to learning what I didn’t know I didn’t know.
This book makes me jealous as the author has an incredible ability to communicate the densest of topics (Cryptography) in an engaging, wonderful way.
It draws you in and you find yourself transported to battlefields and war rooms of the past. I’ve always taken cryptography for granted - I type httpsinto my browser and navigate to a site and all’s well. I know things are reasonably secure - but why?
It turns out that RSA, the algorithm that underpins things like SSL and SSH, is a landmark of human achievement and did something that millennia of mathematicians and scientists could not: provide secure, end-to-end encryption. A wonderful story.
In his first book since the bestselling Fermat's Enigma, Simon Singh offers the first sweeping history of encryption, tracing its evolution and revealing the dramatic effects codes have had on wars, nations, and individual lives. From Mary, Queen of Scots, trapped by her own code, to the Navajo Code Talkers who helped the Allies win World War II, to the incredible (and incredibly simple) logisitical breakthrough that made Internet commerce secure, The Code Book tells the story of the most powerful intellectual weapon ever known: secrecy.
Throughout the text are clear technical and mathematical explanations, and portraits of the remarkable…
I have had the opportunity to write (I have written over 30 college textbooks on technology, most of them in the area of cybersecurity), study (my PhD dissertation was on cybersecurity), teach (I have taught at colleges and universities my entire career about technology, networking, and cybersecurity), and research (I have published numerous peer-reviewed journal articles) on the topic of cybersecurity. But I have always had a soft spot in my heart for the average computer user who struggles with how to protect their technology devices. This has helped drive my passion to focus on practical cybersecurity for everyone.
Passwords: everybody has them and everybody abuses them. Passwords can provide good security, but very few users use passwords correctly in order to take advantage of the protections they provide. The key to our poor implementation of passwords is a complete misunderstanding of how attackers break our passwords. Without this understanding users create weak passwords that are easy to break. Joshua Picolet's book is a reference guide for cracking passwords, but by explaining how to break passwords it also provides valuable information about how to make them strong to protect passwords from attacks. This book provides the proof of why we should treat passwords like our underwear: don't let people see it, change it often, and don't share it with strangers.
The Hash Crack: Password Cracking Manual v3 is an expanded reference guide for password recovery (cracking) methods, tools, and analysis techniques. A compilation of basic and advanced techniques to assist penetration testers and network security professionals evaluate their organization's posture. The Hash Crack manual contains syntax and examples for the most popular cracking and analysis tools and will save you hours of research looking up tool usage. It also includes basic cracking knowledge and methodologies every security professional should know when dealing with password attack capabilities. Hash Crack contains all the tables, commands, online resources, and more to complete your…
