You might wonder why Microsoft is publishing a book about security testing, given the grave difficulties of the job—trying to make software more secure. Certainly, Microsoft has had its fair share of security problems and thus has plenty of experience for testers to ponder. We (the authors) began working at Microsoft prior to the company’s Trustworthy Computing Initiative, which was proposed in 2002. Since the Initiative became Microsoft practice, we have seen a significant change in how Microsoft approaches security. Security is no longer just the responsibility of a security expert—now it is everyone’s responsibility. This book about aggressive security testing of software emerges from our experience at work at Microsoft and our ...