Threat-Driven Software Development: Defending online services from modern threat actors

By Michael Howard, Lee Holmes, Sherrod DeGrippo, Shawn Hernan

eBook

Your price: $38.39
List price: $47.99

Pre-order

About eBook formats

This eBook includes the following formats, accessible from your Account page after purchase:

EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

PDF The popular standard, which reproduces the look and layout of the printed page.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Also available in other formats.

Description

Sample Content

Errata & Updates

Published 7/9/2026
1st Edition

eBook 978-0-13-556735-7

Are you ready to build online services that can stand up to real adversaries? Threat-Driven Software Development is your practical guide to designing, coding, and operating systems through the lens of how attackers actually work. Written by Microsoft security leaders Michael Howard, Sherrod DeGrippo, Shawn Hernan, and Lee Holmes, this hands-on book shows developers, architects, and IT professionals how to turn threat intelligence into daytoday engineering decisions. Youll learn to prioritize with a risk register, harden software supply chains and engineering systems, protect identities and secrets, and contain blast radius with isolation and network guardrails. With concise, storydriven chapters; featuring real incidents; youll deploy honeypots and decoys, instrument services for highsignal telemetry, strengthen red/blue team response, and leverage AI safely on both offense and defense. Clear, actionable, and fieldtested, this book will help you move beyond bug fixing to measurable resilience against modern threat actors. Dont just react to the next attack; get ahead of it.

Part 1 When Software Meets the Real World

Ch 1 Today's Threat Landscape

Ch 2 Security is more than one Team

Ch 3 Why Microsoft Adopted SFI

Ch 4 How Operational Security is Different

Ch 5 Understanding the Terrain

Ch 6 Controlling the Terrain

Part 2 The Role of AI in Security

Ch 7 AI and Security Backgrounder

Ch 8 Offensive AI

Ch 9 Defensive AI

Ch 10 Security Engineering with AI

Part 3 Threats to Systems

Ch 11 Build and Engineering Systems

Ch 12 Identities and Secrets

Ch 13 Production Tenants and Systems

Ch 14 Production Networks

Ch 15 Monitor and Detect Threats

Ch 16 Response and Remediation

Ch 17 Product Security

Part 4 Learning from SFI An Implementation Playbook

Ch 18 Crawl, Walk, Run How to add Security Discipline

Ch 19 Tracking and Quantifying Risk

Ch 20 Reducing Risk

Ch 21 How do we get ahead of security vulns

Part 5 Some Final Thoughts

Ch 22 Rethinking the role of C and C++

Ch 23 Are we more secure now than yesterday?