Goodreads helps you keep track of books you want to read.
Start by marking “Security Engineering: A Guide to Building Dependable Distributed Systems 2ed” as Want to Read:
Security Engineering: A Guide to Building Dependable Distributed Systems 2ed
Enlarge cover
Rate this book
Clear rating
Open Preview

Security Engineering: A Guide to Building Dependable Distributed Systems 2ed

4.22  ·  Rating details ·  508 ratings  ·  20 reviews
The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable ...more
Hardcover, 1040 pages
Published April 1st 2008 by Wiley (first published 2001)
More Details... Edit Details

Friend Reviews

To see what your friends thought of this book, please sign up.

Reader Q&A

To ask other readers questions about Security Engineering, please sign up.

Be the first to ask a question about Security Engineering

Community Reviews

Showing 1-30
Average rating 4.22  · 
Rating details
 ·  508 ratings  ·  20 reviews

More filters
Sort order
Start your review of Security Engineering: A Guide to Building Dependable Distributed Systems 2ed
Kam Yung Soh
Feb 05, 2013 rated it it was amazing
An impressive technical book that looks at security in all its forms (physical, computer based, social) and shows you the various ways security can be implemented and compromised.

This book also shows you why security should never be a 'by-the-way' or implemented after the fact but must be considered right at the start. Not only that, it also shows you why a world-view of security should be considered; it is not something that can only be targeted at one part of a system and expected to work.

Alexej Gerstmaier
Feb 17, 2020 rated it liked it
I read the third edition, which is available for free right now except chapters 20 to 25 which aren't released yet.

It contains a lot of the history regarding the different domains where security engineering is applied. It raised awareness in me regarding potential security pitfalls.

However, the book lacks actionable advice on how to actually BUILD dependable systems.

Will maybe update my review when the other chapters are released.
Nov 30, 2013 rated it liked it
I'm of two minds about this book.

One the one hand, it's an amazingly comprehensive reference. If you're not a security geek, this book will tell you everything you never knew you wanted to know. It doesn't just cover code or web applications, but it covers just about every single security scheme humanity has invented, from nuclear launch codes to PINs to PKI to passive snooping through Van Eck phreaking. It's solid.

BUT. It's also all over the place. The book is not a "guide to building
Feb 12, 2013 rated it it was amazing
Shelves: security
This book took me four weeks to read, but it is fantastic. Just like what the two security engineers said.

"Security Engineering is different from any other kind of programming...if you're even thinking of doing any security engineering, you need to read this book." -Bruce Schneier

"This is the best book on computer security. Buy it, but more importantly, read it and apply it to your work." -Gary McGraw

Jul 16, 2017 rated it liked it
Shelves: computer-science
Good book even though it is 10 year old. There are a lot of case of study but it is useless if you know nothing about information security. The book is not a guide to building a dependable system but rather a guide to system failures
Shayan aminnjad
Oct 18, 2019 rated it really liked it
I enjoyed the book and there was moments I couldn't stop reading. however, I think it was vague sometimes, but despite the fact, I can't tell if it was the author's mistake. The topic is hard, it is about deception, understanding it, and find a way to defend against it. if something is easy to understand then it is not a deception!
So beware, You'll need a lot of time to read this book, and you should think a lot of how deceptions work, and how the current way of defending against them might
Aug 07, 2018 rated it it was amazing
This is the penultimate book about InfoSec. A friend once said, "look, the app I'm making has nothing to do with security. It's for turning on lights." When their little program turned into a doorway for a nasty hackathon, they realized that all apps and api can be a doorway. So, I always recommend this to coders and really anyone heading into tech design/production. I mean, even hardware designs have security flaws.
Mar 24, 2013 rated it really liked it
A solid book on security, covering many aspects - threat modelling, vulnerability analysis, enforcement, assurance/certification, with a heavy focus on the economic interests of the various principles involved in security, both electronic and physical. The book is very readable; the stuff with scary maths is easily skimmed over, and the rest of the book is full of well-written, relevant and interesting examples. I didn't give this book 5 stars only because it was a little too general; it seemed ...more
Andrew Douma
I will do my best to recommend this book to anyone involved in IT. Despite being last updated 8 years ago almost every prediction about security engineering still holds true today. This isn't a technical how-to book to build distributed systems but teaches you the principles while entertaining you with real world examples from the writer's own experience.
Joel Land
Jun 27, 2013 rated it it was amazing
Shelves: non-fiction
Amazing, everything one could dream for in a technical textbook. I'd venture to say it's well-enough written that it might appeal to readers passingly interested in the subject or even bored sitters in a room with no other form of entertainment (these types might even want to carry it out of the unfortunate situation as thanks for the help in passing the time amicably). My favorite schoolbook since returning to duty.
Mar 10, 2013 rated it liked it
I'm ashamed to say that it took me more than 2 years to finish this book. However, I think it is significant that even a fiction reader, like me, can enjoy this book. In my opinion, the book is losing relevance because even this second edition is now 7 years old. While reading it, there were many times that I wondered what the author would say about more recent developments.
Oct 02, 2012 rated it really liked it
Wow took me a while to finish this one. At first i tried to read cover to cover but was unable to due to work and i had trouble to stay focused and interested but after a while i had to skip some parts. Nonetheless book is a great compilation of various security and side-fields which provide historical lessons and "what to not do" when building security systems.
Apr 27, 2016 rated it liked it
I took this as a pleasurable read, not for class work. I was curious in particular about how common physical security measures are implemented and in encryption methods. The book is a bit dated (2001), but I was not disappointed. I particularly liked the sections on bank and military security.
Jason Copenhaver
Feb 28, 2013 rated it liked it
Yes.. It's a textbook, but an interesting one. It covers a wide range of security topics with plenty of supporting material, future reading, and even research ideas. The fact that it was updated recently and released for free as PDF helps as well. Anyone interested in security should read this.
Aug 28, 2012 rated it it was ok
Shelves: for-school
ugh. This book was chocked full of information, but it was obfuscated by nearly illegible grammar and structure. Exceptionally difficult reading.
Jari Pirhonen
The best security book ever written.
Nov 24, 2016 rated it really liked it
Excellent book. We are a long way from a grand theory of security. Yet Anderson pulls together an incredibly wide range of sub-disciplines and draws out the common themes (read failures).
May 18, 2015 rated it it was amazing
Great reference
Justin Andrusk
Dec 19, 2012 rated it it was amazing
One of the best security books I have ever read. I plan on applying a number of principles outlined in the book. I recommend it to any serious security practitioner.
Domenico Tatone
rated it really liked it
Sep 16, 2015
rated it really liked it
Nov 28, 2014
rated it it was amazing
Oct 17, 2013
Keijo Kala
rated it really liked it
Aug 17, 2018
Fawaz Al Amri
rated it really liked it
Apr 23, 2017
rated it really liked it
Apr 18, 2019
Alfredo Rodriguez
rated it it was amazing
Jun 16, 2016
David Pagbe
rated it it was amazing
Mar 20, 2015
Aanjhan Ranganathan
rated it liked it
Jul 10, 2010
Aishu Mohan
rated it it was amazing
May 09, 2016
rated it it was amazing
Jan 06, 2019
« previous 1 3 4 5 6 7 8 9 next »
There are no discussion topics on this book yet. Be the first to start one »

Readers also enjoyed

  • Hacking: The Art of Exploitation
  • Applied Cryptography: Protocols, Algorithms, and Source Code in C
  • The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
  • Cryptography Engineering: Design Principles and Practical Applications
  • Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
  • Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
  • The Hacker Crackdown: Law and Disorder on the Electronic Frontier
  • Operating Systems: Principles and Practice
  • Gray Hat Hacking: The Ethical Hacker's Handbook
  • Secrets and Lies: Digital Security in a Networked World
  • The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
  • In the Plex: How Google Thinks, Works, and Shapes Our Lives
  • UNIX and Linux System Administration Handbook
  • Strange Planet
  • Selling to the C-Suite: What Every Executive Wants You to Know about Successfully Selling to the Top
  • The C Programming Language
  • Reversing: Secrets of Reverse Engineering
  • Operating System Concepts
See similar books…

Goodreads is hiring!

If you like books and love to build cool products, we may be looking for you.
Learn more »
“the absence of an ‘international standard burglar’, the nearest I know to a working classification is one developed by a U.S. Army expert [118]. Derek is a 19-year old addict. He's looking for a low-risk opportunity to steal something he can sell for his next fix. Charlie is a 40-year old inadequate with seven convictions for burglary. He's spent seventeen of the last twenty-five years in prison. Although not very intelligent he is cunning and experienced; he has picked up a lot of ‘lore’ during his spells inside. He steals from small shops and suburban houses, taking whatever he thinks he can sell to local fences. Bruno is a ‘gentleman criminal’. His business is mostly stealing art. As a cover, he runs a small art gallery. He has a (forged) university degree in art history on the wall, and one conviction for robbery eighteen years ago. After two years in jail, he changed his name and moved to a different part of the country. He has done occasional ‘black bag’ jobs for intelligence agencies who know his past. He'd like to get into computer crime, but the most he's done so far is stripping $100,000 worth of memory chips from a university's PCs back in the mid-1990s when there was a memory famine. Abdurrahman heads a cell of a dozen militants, most with military training. They have infantry weapons and explosives, with PhD-grade technical support provided by a disreputable country. Abdurrahman himself came third out of a class of 280 at the military academy of that country but was not promoted because he's from the wrong ethnic group. He thinks of himself as a good man rather than a bad man. His mission is to steal plutonium. So Derek is unskilled, Charlie is skilled, Bruno is highly skilled and may have the help of an unskilled insider such as a cleaner, while Abdurrahman is not only highly skilled but has substantial resources.” 0 likes
More quotes…