Cyber Shelf

// Comparison

Sécurité informatique vs Security Engineering: Which Should You Read?

Two cybersecurity books on Cryptography, compared honestly: who each is for, what each does best, and which to read first.

Advanced
4/52015
Sécurité informatique

Cours et exercices corrigés

Gildas Avoine, Pascal Junod, Philippe Oechslin, Sylvain Pasini

A rigorous academic course on the foundations of security — cryptography, authentication, access control — with corrected exercises, from a team of well-known French and Swiss cryptographers.

Advanced
5/52020
Security Engineering

A Guide to Building Dependable Distributed Systems

Ross Anderson

Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.

Read this if

University students and engineers who want the formal foundations: cryptographic primitives, protocols, authentication and access control, with worked exercises to test understanding. Oechslin (rainbow tables) and Junod give the crypto real weight.
Anyone who builds, audits, or governs systems where failure has real-world consequences: banking, healthcare, voting, telecom, defence. The single most important security book ever written, and the rare textbook that improves with each edition.

Skip this if

Readers looking for practical pentesting, tooling or a gentle introduction. This is a courses-and-exercises textbook with mathematical rigour, not a hands-on hacking guide.
Readers looking for a hands-on tooling guide or a quick certification primer. Anderson works at the systems and policy layer; if you need to learn how to use Burp, this is not it. The 1,200 pages also reward patient readers, not skimmers.

Key takeaways

  • The strongest French-language treatment of the cryptographic and formal foundations of security, exercises included.
  • Written by serious cryptographers — Oechslin literally invented rainbow tables — so the crypto is correct and deep, not hand-waved.
  • Best used as a course companion; the corrected exercises are the real value over a pure narrative text.
  • Most production failures are economic and organisational, not cryptographic: incentives shape outcomes far more than primitives.
  • Threat models from one domain (banking, telecom, military) generalize to the next once you know what to look for, and Anderson is the best in the field at showing you.
  • Side channels, supply chains, and policy are first-class engineering concerns, not footnotes.

How they compare

We rate Security Engineering higher (5/5 against 4/5 for Sécurité informatique). For most readers, that means Security Engineering is the primary pick and Sécurité informatique is a useful follow-up.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Sécurité informatique and Security Engineering both cover Cryptography, so reading them in sequence reinforces the same material from different angles.

Keep reading

Sécurité informatique

Alternatives to Sécurité informatiqueWhat to read after Sécurité informatique

Security Engineering

Alternatives to Security EngineeringWhat to read after Security Engineering

Related topics

Cryptography