Threat-Driven Software Development by Michael Howard (.ePUB)
File Size: 12.9 MB
Threat-Driven Software Development: Defending online services from modern threat actors by Michael Howard, Lee Holmes, Sherrod DeGrippo, Shawn Hernan
Requirements: .ePUB, .PDF reader, 12.9 MB
Overview: Seasoned security leaders from Microsoft unveil a groundbreaking guide to threat-driven software development for defending online services from modern threat actors. Threat-Driven Software Development: Defending online services from modern threat actors is a practical, field-tested guide authored by Microsoft security leaders Michael Howard, Lee Holmes, Sherrod DeGrippo and Shawn Hernan. Drawing on decades of experience in threat intelligence, red teaming, and secure architecture at scale, the authors describe how to defend against what real adversaries actually do in the field and map that knowledge through concrete engineering. Grounded in the Microsoft Secure Future Initiative (SFI) and threat intelligence, the book maps attacker behaviors to secure-by-design and secure-by-default principles, identity and secret protection, supply chain and engineering system hardening, isolation, monitoring and detection, and effective red team/response workflows. The book also shows how AI can be applied defensively, augmenting threat modeling, code review, threat detection and response, while helping software teams use AI to ship faster without compromising security. With concise, accessible chapters, each infused with real-world stories and threat intel, readers learn how to prioritize work against nation-state and criminal tradecraft, shape the defensive battlefield, and strengthen the human element. The result is a hands-on playbook that empowers developers and IT professionals to build resilient online services, measurably reduce risk, and stay ahead of modern threat actors.
The backbone of the computer industry for over 40 years has been the venerable C programming language. C was designed as a higher-level assembly language and is blazingly fast, and there is a good reason for that speed. Its speed comes, in part, from having direct access to memory.
Building on the foundation laid by C, C++ introduced object-oriented programming while maintaining backward compatibility with C. While it’s possible (and common) to use C++ simply as a more syntactically flexible version of C, the real power of C++ comes when developers learn and adopt modern C++. Modern C++ is an evolution of the C++ programming language that emphasizes (potentially) safer, more efficient, and more expressive code, using its standard template library (STL) as well as newer language features. But the efficiency of C and C++ comes at a cost: safety and security. Direct, unchecked access to memory leads to memory safety issues that cause undefined behavior (UB). UB can have catastrophic security-related side effects, otherwise known as vulnerabilities. According to studies by Microsoft and Google, about 70% of vulnerabilities at each company have been memory safety issues in C and C++ code. This has led the industry to reconsider the role of C and C++, and we are now in a position to say it is time to move away from C and C++. Migrating from C and C++ is tough to do, however, as we will discuss later.
Genre: Non-Fiction > Tech & Devices
