Threat Modeling: Designing for Security, 1st edition, by Adam Shostack

Product details:
ISBN 10: 1118809990
ISBN 13: 978-1118809990
Author: Adam Shostack
The only security book to be chosen as a Dr. Dobb's Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!
Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. In this book he shares that expertise: with pages of specific, actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.
Systems security managers, you’ll find tools and a framework for structured thinking about what can go wrong. Software developers, you’ll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you’ll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.
Threat Modeling: Designing for Security, 1st edition, table of contents:
Part I Getting Started
Chapter 1 Dive In and Threat Model!
Learning to Threat Model
Threat Modeling on Your Own
Checklists for Diving In and Threat Modeling
Summary
Chapter 2 Strategies for Threat Modeling
“What’s Your Threat Model?”
Brainstorming Your Threats
Structured Approaches to Threat Modeling
Models of Software
Summary
Part II Finding Threats
Chapter 3 STRIDE
Understanding STRIDE and Why It’s Useful
Spoofing Threats
Tampering Threats
Repudiation Threats
Information Disclosure Threats
Denial-of-Service Threats
Elevation of Privilege Threats
Extended Example: STRIDE Threats against Acme-DB
STRIDE Variants
Exit Criteria
Summary
Chapter 4 Attack Trees
Working with Attack Trees
Representing a Tree
Example Attack Tree
Real Attack Trees
Perspective on Attack Trees
Summary
Chapter 5 Attack Libraries
Properties of Attack Libraries
CAPEC
OWASP Top Ten
Summary
Chapter 6 Privacy Tools
Solove’s Taxonomy of Privacy
Privacy Considerations for Internet Protocols
Privacy Impact Assessments (PIA)
The Nymity Slider and the Privacy Ratchet
Contextual Integrity
LINDDUN
Summary
Part III Managing and Addressing Threats
Chapter 7 Processing and Managing Threats
Starting the Threat Modeling Project
Digging Deeper into Mitigations
Tracking with Tables and Lists
Scenario-Specific Elements of Threat Modeling
Summary
Chapter 8 Defensive Tactics and Technologies
Tactics and Technologies for Mitigating Threats
Addressing Threats with Patterns
Mitigating Privacy Threats
Summary
Chapter 9 Trade-Offs When Addressing Threats
Classic Strategies for Risk Management
Selecting Mitigations for Risk Management
Threat-Specific Prioritization Approaches
Mitigation via Risk Acceptance
Arms Races in Mitigation Strategies
Summary
Chapter 10 Validating That Threats Are Addressed
Testing Threat Mitigations
Checking Code You Acquire
QA’ing Threat Modeling
Process Aspects of Addressing Threats
Tables and Lists
Summary
Chapter 11 Threat Modeling Tools
Generally Useful Tools
Open-Source Tools
Commercial Tools
Tools That Don’t Exist Yet
Summary
Part IV Threat Modeling in Technologies and Tricky Areas
Chapter 12 Requirements Cookbook
Why a “Cookbook”?
The Interplay of Requirements, Threats, and Mitigations
Business Requirements
Prevent/Detect/Respond as a Frame for Requirements
People/Process/Technology as a Frame for Requirements
Development Requirements vs. Acquisition Requirements
Compliance-Driven Requirements
Privacy Requirements
The STRIDE Requirements
Non-Requirements
Summary
Chapter 13 Web and Cloud Threats
Web Threats
Cloud Tenant Threats
Cloud Provider Threats
Mobile Threats
Summary
Chapter 14 Accounts and Identity
Account Life Cycles
Authentication
Account Recovery
Names, IDs, and SSNs
Summary
Chapter 15 Human Factors and Usability
Models of People
Models of Software Scenarios
Threat Elicitation Techniques
Tools and Techniques for Addressing Human Factors
User Interface Tools and Techniques
Testing for Human Factors
Perspective on Usability and Ceremonies
Summary
Chapter 16 Threats to Cryptosystems
Cryptographic Primitives
Classic Threat Actors
Attacks against Cryptosystems
Building with Crypto
Things to Remember about Crypto
Secret Systems: Kerckhoffs and His Principles
Summary
Part V Taking It to the Next Level
Chapter 17 Bringing Threat Modeling to Your Organization
How To Introduce Threat Modeling
Who Does What?
Threat Modeling within a Development Life Cycle
Overcoming Objections to Threat Modeling
Summary
Chapter 18 Experimental Approaches
Looking in the Seams
Operational Threat Models
The “Broad Street” Taxonomy
Adversarial Machine Learning
Threat Modeling a Business
Threats to Threat Modeling Approaches
How to Experiment
Summary
Chapter 19 Architecting for Success
Understanding Flow
Knowing the Participants
Boundary Objects
The Best Is the Enemy of the Good
Closing Perspectives
Summary