{"product_id":"threat-modeling-isbn-9781118809990","title":"Threat Modeling","description":"\u003cp\u003e\u003cb\u003eThe only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's \u003ci\u003eSecrets and Lies\u003c\/i\u003e and \u003ci\u003eApplied Cryptography\u003c\/i\u003e!\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003eAdam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.\u003c\/p\u003e \u003cp\u003eSystems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eProvides a unique how-to for security and software developers who need to design secure products and systems and test their designs\u003c\/li\u003e \u003cli\u003eExplains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric\u003c\/li\u003e \u003cli\u003eProvides effective approaches and techniques that have been proven at Microsoft and elsewhere\u003c\/li\u003e \u003cli\u003eOffers actionable how-to advice not tied to any specific software, operating system, or programming language\u003c\/li\u003e \u003cli\u003eAuthored by a Microsoft professional who is one of the most prominent threat modeling experts in the world\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eAs more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with \u003ci\u003eThreat Modeling: Designing for Security\u003c\/i\u003e.\u003c\/p\u003e \u003cp\u003eIntroduction xxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Getting Started 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Dive In and Threat Model! 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLearning to Threat Model 4\u003c\/p\u003e \u003cp\u003eThreat Modeling on Your Own 26\u003c\/p\u003e \u003cp\u003eChecklists for Diving In and Threat Modeling 27\u003c\/p\u003e \u003cp\u003eSummary 28\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Strategies for Threat Modeling 29\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e“What’s Your Threat Model?” 30\u003c\/p\u003e \u003cp\u003eBrainstorming Your Threats 31\u003c\/p\u003e \u003cp\u003eStructured Approaches to Threat Modeling 34\u003c\/p\u003e \u003cp\u003eModels of Software 43\u003c\/p\u003e \u003cp\u003eSummary 56\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Finding Threats 59\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 STRIDE 61\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding STRIDE and Why It’s Useful 62\u003c\/p\u003e \u003cp\u003eSpoofing Threats 64\u003c\/p\u003e \u003cp\u003eTampering Threats 67\u003c\/p\u003e \u003cp\u003eRepudiation Threats 68\u003c\/p\u003e \u003cp\u003eInformation Disclosure Threats 70\u003c\/p\u003e \u003cp\u003eDenial-of-Service Threats 72\u003c\/p\u003e \u003cp\u003eElevation of Privilege Threats 73\u003c\/p\u003e \u003cp\u003eExtended Example: STRIDE Threats against Acme-DB 74\u003c\/p\u003e \u003cp\u003eSTRIDE Variants 78\u003c\/p\u003e \u003cp\u003eExit Criteria 85\u003c\/p\u003e \u003cp\u003eSummary 85\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Attack Trees 87\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWorking with Attack Trees 87\u003c\/p\u003e \u003cp\u003eRepresenting a Tree 91\u003c\/p\u003e \u003cp\u003eExample Attack Tree 94\u003c\/p\u003e \u003cp\u003eReal Attack Trees 96\u003c\/p\u003e \u003cp\u003ePerspective on Attack Trees 98\u003c\/p\u003e \u003cp\u003eSummary 100\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Attack Libraries 101\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProperties of Attack Libraries 101\u003c\/p\u003e \u003cp\u003eCAPEC 104\u003c\/p\u003e \u003cp\u003eOWASP Top Ten 108\u003c\/p\u003e \u003cp\u003eSummary 108\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Privacy Tools 111\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSolove’s Taxonomy of Privacy 112\u003c\/p\u003e \u003cp\u003ePrivacy Considerations for Internet Protocols 114\u003c\/p\u003e \u003cp\u003ePrivacy Impact Assessments (PIA) 114\u003c\/p\u003e \u003cp\u003eThe Nymity Slider and the Privacy Ratchet 115\u003c\/p\u003e \u003cp\u003eContextual Integrity 117\u003c\/p\u003e \u003cp\u003eLINDDUN 120\u003c\/p\u003e \u003cp\u003eSummary 121\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III Managing and Addressing Threats 123\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Processing and Managing Threats 125\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eStarting the Threat Modeling Project 126\u003c\/p\u003e \u003cp\u003eDigging Deeper into Mitigations 130\u003c\/p\u003e \u003cp\u003eTracking with Tables and Lists 133\u003c\/p\u003e \u003cp\u003eScenario-Specifi c Elements of Threat Modeling 138\u003c\/p\u003e \u003cp\u003eSummary 143\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Defensive Tactics and Technologies 145\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTactics and Technologies for Mitigating Threats 145\u003c\/p\u003e \u003cp\u003eAddressing Threats with Patterns 159\u003c\/p\u003e \u003cp\u003eMitigating Privacy Threats 160\u003c\/p\u003e \u003cp\u003eSummary 164\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Trade-Off s When Addressing Threats 167\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eClassic Strategies for Risk Management 168\u003c\/p\u003e \u003cp\u003eSelecting Mitigations for Risk Management 170\u003c\/p\u003e \u003cp\u003eThreat-Specific Prioritization Approaches 178\u003c\/p\u003e \u003cp\u003eMitigation via Risk Acceptance 184\u003c\/p\u003e \u003cp\u003eArms Races in Mitigation Strategies 185\u003c\/p\u003e \u003cp\u003eSummary 186\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Validating That Threats Are Addressed 189\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTesting Threat Mitigations 190\u003c\/p\u003e \u003cp\u003eChecking Code You Acquire 192\u003c\/p\u003e \u003cp\u003eQA’ing Threat Modeling 195\u003c\/p\u003e \u003cp\u003eProcess Aspects of Addressing Threats 197\u003c\/p\u003e \u003cp\u003eTables and Lists 198\u003c\/p\u003e \u003cp\u003eSummary 202\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Threat Modeling Tools 203\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGenerally Useful Tools 204\u003c\/p\u003e \u003cp\u003eOpen-Source Tools 206\u003c\/p\u003e \u003cp\u003eCommercial Tools 208\u003c\/p\u003e \u003cp\u003eTools That Don’t Exist Yet 213\u003c\/p\u003e \u003cp\u003eSummary 213\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV Threat Modeling in Technologies and Tricky Areas 215\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Requirements Cookbook 217\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy a “Cookbook”? 218\u003c\/p\u003e \u003cp\u003eThe Interplay of Requirements, Threats, and Mitigations 219\u003c\/p\u003e \u003cp\u003eBusiness Requirements 220\u003c\/p\u003e \u003cp\u003ePrevent\/Detect\/Respond as a Frame for Requirements 221\u003c\/p\u003e \u003cp\u003ePeople\/Process\/Technology as a Frame for Requirements 227\u003c\/p\u003e \u003cp\u003eDevelopment Requirements vs. Acquisition Requirements 228\u003c\/p\u003e \u003cp\u003eCompliance-Driven Requirements 229\u003c\/p\u003e \u003cp\u003ePrivacy Requirements 231\u003c\/p\u003e \u003cp\u003eThe STRIDE Requirements 234\u003c\/p\u003e \u003cp\u003eNon-Requirements 240\u003c\/p\u003e \u003cp\u003eSummary 242\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Web and Cloud Threats 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWeb Threats 243\u003c\/p\u003e \u003cp\u003eCloud Tenant Threats 246\u003c\/p\u003e \u003cp\u003eCloud Provider Threats 249\u003c\/p\u003e \u003cp\u003eMobile Threats 250\u003c\/p\u003e \u003cp\u003eSummary 251\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Accounts and Identity 253\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAccount Life Cycles 254\u003c\/p\u003e \u003cp\u003eAuthentication 259\u003c\/p\u003e \u003cp\u003eAccount Recovery 271\u003c\/p\u003e \u003cp\u003eNames, IDs, and SSNs 282\u003c\/p\u003e \u003cp\u003eSummary 290\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Human Factors and Usability 293\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eModels of People 294\u003c\/p\u003e \u003cp\u003eModels of Software Scenarios 304\u003c\/p\u003e \u003cp\u003eThreat Elicitation Techniques 311\u003c\/p\u003e \u003cp\u003eTools and Techniques for Addressing Human Factors 316\u003c\/p\u003e \u003cp\u003eUser Interface Tools and Techniques 322\u003c\/p\u003e \u003cp\u003eTesting for Human Factors 327\u003c\/p\u003e \u003cp\u003ePerspective on Usability and Ceremonies 329\u003c\/p\u003e \u003cp\u003eSummary 331\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Threats to Cryptosystems 333\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCryptographic Primitives 334\u003c\/p\u003e \u003cp\u003eClassic Threat Actors 341\u003c\/p\u003e \u003cp\u003eAttacks against Cryptosystems 342\u003c\/p\u003e \u003cp\u003eBuilding with Crypto 346\u003c\/p\u003e \u003cp\u003eThings to Remember about Crypto 348\u003c\/p\u003e \u003cp\u003eSecret Systems: Kerckhoffs and His Principles 349\u003c\/p\u003e \u003cp\u003eSummary 351\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart V Taking It to the Next Level 353\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 Bringing Threat Modeling to Your Organization 355\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHow To Introduce Threat Modeling 356\u003c\/p\u003e \u003cp\u003eWho Does What? 359\u003c\/p\u003e \u003cp\u003eThreat Modeling within a Development Life Cycle 367\u003c\/p\u003e \u003cp\u003eOvercoming Objections to Threat Modeling 379\u003c\/p\u003e \u003cp\u003eSummary 383\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18 Experimental Approaches 385\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLooking in the Seams 386\u003c\/p\u003e \u003cp\u003eOperational Threat Models 387\u003c\/p\u003e \u003cp\u003eThe “Broad Street” Taxonomy 392\u003c\/p\u003e \u003cp\u003eAdversarial Machine Learning 398\u003c\/p\u003e \u003cp\u003eThreat Modeling a Business 399\u003c\/p\u003e \u003cp\u003eThreats to Threat Modeling Approaches 400\u003c\/p\u003e \u003cp\u003eHow to Experiment 404\u003c\/p\u003e \u003cp\u003eSummary 405\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 19 Architecting for Success 407\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Flow 407\u003c\/p\u003e \u003cp\u003eKnowing the Participants 413\u003c\/p\u003e \u003cp\u003eBoundary Objects 414\u003c\/p\u003e \u003cp\u003eThe Best Is the Enemy of the Good 415\u003c\/p\u003e \u003cp\u003eClosing Perspectives 416\u003c\/p\u003e \u003cp\u003eSummary 419\u003c\/p\u003e \u003cp\u003eNow Threat Model 420\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix A Helpful Tools 421\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCommon Answers to “What’s Your Threat Model?” 421\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix B Threat Trees 429\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSTRIDE Threat Trees 430\u003c\/p\u003e \u003cp\u003eOther Threat Trees 470\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix C Attacker Lists 477\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAttacker Lists 478\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix D Elevation of Privilege: The Cards 501\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSpoofing 501\u003c\/p\u003e \u003cp\u003eTampering 503\u003c\/p\u003e \u003cp\u003eRepudiation 504\u003c\/p\u003e \u003cp\u003eInformation Disclosure 506\u003c\/p\u003e \u003cp\u003eDenial of Service 507\u003c\/p\u003e \u003cp\u003eElevation of Privilege (EoP) 508\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix E Case Studies 511\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Acme Database 512\u003c\/p\u003e \u003cp\u003eAcme’s Operational Network 519\u003c\/p\u003e \u003cp\u003ePhones and One-Time Token Authenticators 525\u003c\/p\u003e \u003cp\u003eSample for You to Model 528\u003c\/p\u003e \u003cp\u003eGlossary 533\u003c\/p\u003e \u003cp\u003eBibliography 543\u003c\/p\u003e \u003cp\u003eIndex 567\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eAdam Shostack\u003c\/b\u003e is a principal program manager on Microsoft's Trustworthy Computing team. He helped found the CVE \\, the Privacy Enhancing Technologies Symposium, and the International Financial Cryptography Association His experience shipping products (at both Microsoft and tiny startups) and managing operational security ensures the advice in this book is grounded in real experience.   \u003c\/p\u003e\u003cp\u003e\u003cb\u003euse threat modeling to enhance software security\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIf you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and in the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems — from the very beginning. \u003c\/p\u003e\u003cul\u003e \u003cli\u003eFind and fix security issues before they hurt you or your customers\u003c\/li\u003e \u003cli\u003eLearn to use practical and actionable tools, techniques, and approaches for software developers, IT professionals, and security enthusiasts\u003c\/li\u003e \u003cli\u003eExplore the nuances of software-centric threat modeling and discover its application to software and systems during the build phase and beyond\u003c\/li\u003e \u003cli\u003eApply threat modeling to improve security when managing complex systems\u003c\/li\u003e \u003cli\u003eManage potential threats using a structured, methodical framework\u003c\/li\u003e \u003cli\u003eDiscover and discern evolving security threats\u003c\/li\u003e \u003cli\u003eUse specific, actionable advice regardless of software type, operating system, or program approaches and techniques validated and proven to be effective at Microsoft and other top IT companies\u003c\/li\u003e\t \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990389276901,"sku":"NP9781118809990","price":65.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118809990.jpg?v=1761787630","url":"https:\/\/k12savings.com\/products\/threat-modeling-isbn-9781118809990","provider":"K12savings","version":"1.0","type":"link"}