The Resource Threat Modeling : Designing for Security | Threat Modeling : Designing for Security, (electronic resource)

Label
Threat Modeling : Designing for Security
Title
Threat Modeling
Title remainder
Designing for Security
Creator
Subject
Language
eng
Summary
Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. System
Member of
Cataloging source
EBLCP
Dewey number
005.8
Index
no index present
LC call number
QA76.9
Literary form
non fiction
Nature of contents
dictionaries
Series statement
OverDrive Collection
Target audience
adult
Label
Threat Modeling : Designing for Security | Threat Modeling : Designing for Security, (electronic resource)
Link
http://epl.lib.overdrive.com/ContentDetails.htm?ID=46E8D5C5-67A3-4857-B8A7-5806F8D56617
Publication
Creator
Note
  • Print version:
  • Description based upon print version of record
  • Customer/Vendor Trust Boundary
Antecedent source
unknown
Carrier category
online resource
Carrier MARC source
rdacarrier
Color
multicolored
Content category
text
Content type MARC source
rdacontent
Contents
  • Cover; Title Page; Copyright; Contents; Introduction; Part I Getting Started; Chapter 1 Dive In and Threat Model!; Learning to Threat Model; What Are You Building?; What Can Go Wrong?; Addressing Each Threat; Checking Your Work; Threat Modeling on Your Own; Checklists for Diving In and Threat Modeling; Summary; Chapter 2 Strategies for Threat Modeling; "What's Your Threat Model?"; Brainstorming Your Threats; Brainstorming Variants; Literature Review; Perspective on Brainstorming; Structured Approaches to Threat Modeling; Focusing on Assets; Focusing on Attackers; Focusing on Software
  • Models of Software; Types of Diagrams; Trust Boundaries; What to Include in a Diagram; Complex Diagrams; Labels in Diagrams; Color in Diagrams; Entry Points; Validating Diagrams; Summary; Part II Finding Threats; Chapter 3 STRIDE; Understanding STRIDE and Why It's Useful; Spoofing Threats; Spoofing a Process or File on the Same Machine; Spoofing a Machine; Spoofing a Person; Tampering Threats; Tampering with a File; Tampering with Memory; Tampering with a Network; Repudiation Threats; Attacking the Logs; Repudiating an Action; Information Disclosure Threats
  • Information Disclosure from a Process; Information Disclosure from a Data Store; Information Disclosure from a Data Flow; Denial-of-Service Threats; Elevation of Privilege Threats; Elevate Privileges by Corrupting a Process; Elevate Privileges through Authorization Failures; Extended Example: STRIDE Threats against Acme-DB; STRIDE Variants; STRIDE-per-Element; STRIDE-per-Interaction; DESIST; Exit Criteria; Summary; Chapter 4 Attack Trees; Working with Attack Trees; Using Attack Trees to Find Threats; Creating New Attack Trees; Representing a Tree; Human-Viewable Representations
  • Structured Representations; Example Attack Tree; Real Attack Trees; Fraud Attack Tree; Election Operations Assessment Threat Trees; Mind Maps; Perspective on Attack Trees; Summary; Chapter 5 Attack Libraries; Properties of Attack Libraries; Libraries and Checklists; Libraries and Literature Reviews; CAPEC; Exit Criteria; Perspective on CAPEC; OWASP Top Ten; Summary; Chapter 6 Privacy Tools; Solove's Taxonomy of Privacy; Privacy Considerations for Internet Protocols; Privacy Impact Assessments (PIA); The Nymity Slider and the Privacy Ratchet; Contextual Integrity
  • Contextual Integrity Decision Heuristic; Augmented Contextual Integrity Heuristic; Perspective on Contextual Integrity; LINDDUN; Summary; Part III Managing and Addressing Threats; Chapter 7 Processing and Managing Threats; Starting the Threat Modeling Project; When to Threat Model; What to Start and (Plan to) End With; Where to Start; Digging Deeper into Mitigations; The Order of Mitigation; Playing Chess; Prioritizing; Running from the Bear; Tracking with Tables and Lists; Tracking Threats; Making Assumptions; External Security Notes; Scenario-Specific Elements of Threat Modeling
Control code
ocn870587031
Dimensions
unknown
Extent
1 online resource (626 pages)
File format
unknown
Form of item
online
Isbn
9781118809990
Level of compression
unknown
Media category
computer
Media MARC source
rdamedia
Quality assurance targets
not applicable
Reformatting quality
unknown
Sound
unknown sound
Specific material designation
remote
System control number
  • (Sirsi) o870587031
  • (CaAE) o870587031
  • (OCoLC)870587031

Library Locations

    • Stanley A. Milner (Downtown)
      7 Sir Winston Churchill Square, Edmonton, AB, T5J 2V4, CA