Description |
1 online resource |
Note |
Title from content provider. |
Contents |
Intro -- Copyright -- Table of Contents -- Foreword -- Preface -- Why We Wrote This Book -- Who This Book Is For -- What Is (and Isn't!) in This Book -- These Techniques Apply Across Various Systems -- Your Contribution Matters -- Conventions Used in This Book -- O'Reilly Online Learning -- How to Contact Us -- Acknowledgments -- Introduction -- The Basics of Threat Modeling -- What Is Threat Modeling? -- Why You Need Threat Modeling -- Obstacles -- Threat Modeling in the System Development Life Cycle -- Essential Security Principles -- Basic Concepts and Terminology |
|
Calculating Severity or Risk -- Core Properties -- Fundamental Controls -- Basic Design Patterns for Secure Systems -- Summary -- Chapter 1. Modeling Systems -- Why We Create System Models -- System Modeling Types -- Data Flow Diagrams -- Sequence Diagrams -- Process Flow Diagrams -- Attack Trees -- Fishbone Diagrams -- How to Build System Models -- What Does a Good System Model Look Like? -- Summary -- Chapter 2. A Generalized Approach to Threat Modeling -- Basic Steps -- What You Are Looking for in a System Model -- The Usual Suspects -- What You Should Not Expect to Discover |
|
Threat Intelligence Gathering -- Summary -- Chapter 3. Threat Modeling Methodologies -- Before We Go Too Deep... -- Looking Through Filters, Angles, and Prisms -- To the Methodologies, at Last! -- STRIDE -- STRIDE per Element -- STRIDE per Interaction -- Process for Attack Simulation and Threat Analysis -- Threat Assessment and Remediation Analysis -- Trike -- Specialized Methodologies -- LINDDUN -- Madness? This Is SPARTA! -- INCLUDES NO DIRT -- Shall We Play a Game? -- Game: Elevation of Privilege -- Game: Elevation of Privilege and Privacy -- Game: OWASP Cornucopia |
|
Game: Security and Privacy Threat Discovery Cards -- Game: LINDDUN GO -- Summary -- Chapter 4. Automated Threat Modeling -- Why Automate Threat Modeling? -- Threat Modeling from Code -- How It Works -- Threat Modeling with Code -- How It Works -- pytm -- Threagile -- An Overview of Other Threat Modeling Tools -- IriusRisk -- SD Elements -- ThreatModeler -- OWASP Threat Dragon -- Microsoft Threat Modeling Tool -- CAIRIS -- Mozilla SeaSponge -- Tutamen Threat Model Automator -- Threat Modeling with ML and AI -- Summary -- Chapter 5. Continuous Threat Modeling -- Why Continuous Threat Modeling? |
|
The Continuous Threat Modeling Methodology -- Evolutionary: Getting Better All the Time -- The Autodesk Continuous Threat Modeling Methodology -- Baselining -- Baseline Analysis -- When Do You Know You Did Enough? -- Threat Model Every Story -- Findings from the Field -- Summary -- Chapter 6. Own Your Role as a Threat Modeling Champion -- How Do I Get Leadership On-Board with Threat Modeling? -- How Do I Overcome Resistance from the Rest of the Product Team? -- How Do We Overcome the Sense of (or Actual) Failure at Threat Modeling? |
Added Author |
Coles, Matthew J. |
ISBN |
9781492056553 (paperback) |
|
1492056553 (paperback) |
|