Contents
PART I: CONCEPTS

1 Foundations

fundamentals, trust, Classic Principles, Gold Standard, privacy

2 Threats

adversaries, The Four Questions framework, threat modeling, assets, attack surfaces, trust boundaries, privacy and threat modeling beyond security

3 Mitigation

addressing threats, strategies, attack surface minimization, windows of vulnerability, data exposure, access policy and controls, interfaces, communication, storage

4 Patterns

Design Attributes, Economy of Design, Transparent Design, Exposure Minimization, Least Privilege, Least Information, Secure by Default, Allowlists over Blocklists, Avoid Predictability, Fail Securely, Strong Enforcement, Complete Mediation, Least Common Mechanism, Redundancy, Defense in Depth, Separation of Privilege, Trust and Responsibility, Reluctance to Trust, Accept Security Responsibility, anti-patterns: Confused Deputy, Backflow of Trust, Third-Party Hooks, Unpatchable Components

5 Cryptography

using crypto tools, random numbers, Message Authentication Codes to prevent tampering and replay attacks, symmetric and asymmetric encryption, digital signatures and certificates, key exchange

PART II: DESIGN

6 Secure Design

security in design, assumptions, scope, requirements, integrating threat modeling, building mitigations, designing interfaces, data handling, privacy protections, lifecycle, trade-offs, simplicity

7 Security Design Review

review logistics, benefits, timing, documentation, review process in detail, assessment, Four Questions guidance, where to dig, privacy reviews, updates, managing disagreement, communicating, escalations, practice

PART III: IMPLEMENTATION

8 Secure Programming

malicious influence, bugs and vulnerabilities, vulnerability chains, entropy, GotoFail, footguns, atomicity, timing attacks, serialization

9 Low-Level Coding Flaws

fixed-width integer and floating point vulnerabilities, safe arithmetic, memory allocation and access vulnerabilities, Heartbleed

10 Untrusted Input

input validation, validation criteria, rejecting and correcting invalid input, character string length and Unicode vulnerabilities, SQL injection, path traversal, regular expressions, XML vulnerabilities, mitigation strategies

11 Web Security

frameworks, Web security model, HTTP protocol, digital certificates and HTTPS, Same Origin policy, cookies, cross-site scripting (XSS) and request forgery (CSRF), and more

12 Security Testing

GotoFail example, functional testing, security test cases, input validation testing, XSS testing, fuzz testing, security regression testing, availability testing, resource consumption, threshold testing, best practices, Test-Driven Development, leveraging integration testing, catching up

13 Secure Development Best Practices

code quality and hygiene, exception and error handling, documentation, security code reviews, dependencies, securing interfaces, triage, DREAD assessments and triage decisions, secure development environment, software release

Additional content

Afterword

call to action, everyone’s job, baking in security, future security, software quality, managing complexity, transparency, authenticity, trust, responsibility, delivering the last mile, conclusion

App. A - Sample Design Document

a private data logging component design document that demonstrates how security is built into a software design

App. B - Glossary

definitions of security terminology used in the book

App. C - Exercises

suggestions for further study and practice using the ideas presented in each chapter

App. D - Cheat Sheets

classic security principles, Gold Standard, the Four Questions, STRIDE threat taxonomy, secure design patterns and anti-patterns, security design review process outline, DREAD vulnerability assessment