Applied Cryptography for Backend Engineers
Stop rolling your own, and stop ignoring the ones who did
Most cryptography books are written for cryptographers. This one is written for the engineer who has to ship JWT validation before lunch. You will learn the actual attack surface of every primitive you've already used: AES-GCM nonce reuse, RSA padding oracles, signed-cookie tampering, and the unsafe defaults in libraries you trust. Includes secure-by-default Go and Python snippets you can paste into a service today.
Kenji has shipped audits for fintech and critical-infrastructure clients across three continents. His writing strips out the marketing layer most security books leave in.
- Pages: 348
- Edition: 1st Edition
- Language: English
- Level: intermediate
- ISBN: 978-1-99999-003-6
- Published: November 2025
Reviewed by three working engineers at peer publications before publication. We do not publish first drafts.
What you'll find inside.
- 01 Threat Models for the Tired
- 02 Symmetric Encryption That Won't Bite You
- 03 Asymmetric Crypto, Demystified
- 04 Hashing, Signatures, and KDFs
- 05 JWTs and What They Cannot Prove
- 06 TLS for People Who Skip the RFC
- 07 Storing Secrets at Rest
- 08 The Cost of Post-Quantum
- 09 Bug Bounties Worth Reading
5.0 / 5
231 verified readers
Finally, crypto explained for engineers
I have been writing JWT code for years and only after this book did I understand why I should have stopped. The threat model framing is excellent.