{"product_id":"risk-centric-threat-modeling-isbn-9780470500965","title":"Risk Centric Threat Modeling","description":"\u003cp\u003eThis book introduces the Process for Attack Simulation \u0026amp; Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.  \u003c\/p\u003e \u003cp\u003eThis book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the focus of Chapter 5.  Chapter 6 and Chapter 7 examine Process for Attack Simulation and Threat Analysis (PASTA). Finally, Chapter 8 shows how to use the PASTA risk-centric threat modeling process to analyze the risks of specific threat agents targeting web applications. This chapter focuses specifically on the web application assets that include customer’s confidential data and business critical functionality that the web application provides.\u003c\/p\u003e \u003cp\u003e• Provides a detailed walkthrough of the PASTA methodology alongside software development activities, normally conducted via a standard SDLC process\u003c\/p\u003e \u003cp\u003e• Offers precise steps to take when combating threats to businesses\u003c\/p\u003e \u003cp\u003e• Examines real-life data breach incidents and lessons for risk management\u003c\/p\u003e \u003cp\u003e\u003ci\u003eRisk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis\u003c\/i\u003e is a resource for software developers, architects, technical risk managers, and seasoned security professionals. \u003c\/p\u003e \u003cp\u003eForeword ix\u003c\/p\u003e \u003cp\u003ePreface xv\u003c\/p\u003e \u003cp\u003eList of Figures xvii\u003c\/p\u003e \u003cp\u003eList of Tables xxiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Threat Modeling Overview 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefinitions 1\u003c\/p\u003e \u003cp\u003eOrigins and Use 3\u003c\/p\u003e \u003cp\u003eSummary 8\u003c\/p\u003e \u003cp\u003eRationale and Evolution of Security Analysis 9\u003c\/p\u003e \u003cp\u003eSummary 19\u003c\/p\u003e \u003cp\u003eBuilding A Better Risk Model 19\u003c\/p\u003e \u003cp\u003eSummary 31\u003c\/p\u003e \u003cp\u003eThreat Anatomy 33\u003c\/p\u003e \u003cp\u003eSummary 48\u003c\/p\u003e \u003cp\u003eCrowdsourcing Risk Analytics 48\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Objectives and Benefits of Threat Modeling 63\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefining a Risk Mitigation Strategy 63\u003c\/p\u003e \u003cp\u003eImproving Application Security 82\u003c\/p\u003e \u003cp\u003eBuilding Security in the Software Development Life Cycle 92\u003c\/p\u003e \u003cp\u003eIdentifying Application Vulnerabilities and Design Flaws 104\u003c\/p\u003e \u003cp\u003eAnalyzing Application Security Risks 118\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 Existing Threat Modeling Approaches 137\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity Software Risk-Based Variants 137\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Threat Modeling Within the SDLC 195\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBuilding Security in SDLC with Threat Modeling 195\u003c\/p\u003e \u003cp\u003eIntegrating Threat Modeling Within The Different Types of SDLCs 205\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Threat Modeling and Risk Management 235\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eData Breach Incidents and Lessons for Risk Management 235\u003c\/p\u003e \u003cp\u003eThreats and Risk Analysis 259\u003c\/p\u003e \u003cp\u003eRisk-Based Threat Modeling 282\u003c\/p\u003e \u003cp\u003eThreat Modeling in Information Security and Risk\u003c\/p\u003e \u003cp\u003eManagement Processes 289\u003c\/p\u003e \u003cp\u003eThreat Modeling Within Security Incident Response Processes 306\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Intro to PASTA 317\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRisk-Centric Threat Modeling 317\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Diving Deeper into PASTA 343\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eExploring the Seven Stages and Embedded Threat Modeling Activities 343\u003c\/p\u003e \u003cp\u003eChapter Summary 478\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 PASTA Use Case 479\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePASTA Use Case Example Walk-Through 479\u003c\/p\u003e \u003cp\u003eGlossary 633\u003c\/p\u003e \u003cp\u003eReferences 653\u003c\/p\u003e \u003cp\u003eIndex 657\u003c\/p\u003e \u003cp\u003e\u003cb\u003eTony UcedaVélez\u003c\/b\u003e is CEO at VerSprite, an Atlanta based security services firm assisting global MNCs on various areas of cyber security, secure software development, threat modeling and security risk management. Tony has worked and led teams in the areas of application security, penetration testing, security architecture, and technical risk management for various organizations in Utility, Banking, Government, Retail, Healthcare, and Information Services.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eMarco M Morana\u003c\/b\u003e serves as Senior Vice President-Application Security Architect for CitiGroup, where he is responsible for managing the architecture risk analysis and threat modeling program globally and leads global initiatives to mitigate risks of emerging cyber-threats targeting web applications of institutional clients. Marco has designed and developed business critical security software products for several Fortune 500 companies, and also for NASA.  \u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e  \u003cp\u003e\u003cb\u003eThis book introduces the Process for Attack Simulation \u0026amp; Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.  \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThis book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the focus of Chapter 5.  Chapter 6 and Chapter 7 examine Process for Attack Simulation and Threat Analysis (PASTA). Finally, Chapter 8 shows how to use the PASTA risk-centric threat modeling process to analyze the risks of specific threat agents targeting web applications. This chapter focuses specifically on the web application assets that include customer’s confidential data and business critical functionality that the web application provides.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eProvides a detailed walkthrough of the PASTA methodology alongside software development activities, normally conducted via a standard SDLC process\u003c\/li\u003e \u003cli\u003eOffers precise steps to take when combating threats to businesses\u003c\/li\u003e \u003cli\u003eExamines real-life data breach incidents and lessons for risk management\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e\u003ci\u003eRisk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis\u003c\/i\u003eis a resource for software developers, architects, technical risk managers, and seasoned security professionals. \u003c\/p\u003e \u003cp\u003e\u003cb\u003eTony UcedaVélez\u003c\/b\u003e is CEO at VerSprite, an Atlanta based security services firm assisting global MNCs on various areas of cyber security, secure software development, threat modeling and security risk management. Tony has worked and led teams in the areas of application security, penetration testing, security architecture, and technical risk management for various organizations in Utility, Banking, Government, Retail, Healthcare, and Information Services.\u003c\/p\u003e \u003cb\u003eMarco M Morana\u003c\/b\u003e serves as Senior Vice President-Application Security Architect for CitiGroup, where he is responsible for managing the architecture risk analysis and threat modeling program globally and leads global initiatives to mitigate risks of emerging cyber-threats targeting web applications of institutional clients. Marco has designed and developed business critical security software products for several Fortune 500 companies, and also for NASA.   ","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989966471397,"sku":"NP9780470500965","price":120.95,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780470500965.jpg?v=1761786059","url":"https:\/\/k12savings.com\/products\/risk-centric-threat-modeling-isbn-9780470500965","provider":"K12savings","version":"1.0","type":"link"}