Threat Modeling: Designing for Security | Author: Adam Shostack | Language: English | ISBN: B00IG71FAS | Format: EPUB
Threat Modeling: Designing for Security Description
Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now he shares his considerable expertise in this unique book. With pages of specific, actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.
Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.
- Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
- Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
- Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
- Offers actionable how-to advice not tied to any specific software, operating system, or programming language
- Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world
As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.
- File Size: 6218 KB
- Print Length: 569 pages
- Page Numbers Source ISBN: 1118809998
- Publisher: Wiley; 1 edition (February 12, 2014)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B00IG71FAS
- Text-to-Speech: Enabled
- Lending: Enabled
- Amazon Best Sellers Rank: #18,760 Paid in Kindle Store
- #20 in Books > Computers & Technology > Security & Encryption
When it comes to measuring and communicating threats, the most ineffective example in recent memory was the Homeland Security Advisory System, the color-coded terrorism threat advisory scale.
The system was rushed into use and its output of colors was not clear. What was the difference between levels such as high, guarded and elevated? From a threat perspective, which color was more severe: yellow or orange? Former DHS chairman Janet Napolitano even admitted that the color-coded system presented “little practical information” to the public.
While the DHS has never really provided meaningful threat levels, in Threat Modeling: Designing for Security, author Adam Shostack (full disclosure: Adam and I are friends) has done a remarkable job in detailing an approach that is both achievable and functional. More importantly, he details a system where organizations can obtain meaningful and actionable information, rather than vague color charts.
Rather than letting clueless bureaucrats and Federal agencies define threats, the book details a formal system in which you can understand and particularize the unique threats your organization faces.
In the introduction, Shostack sums up his approach in four questions:
- What are you building?
- What can go wrong with it once it’s built?
- What should you do about those things that can go wrong?
- Did you do a decent job of analysis?
The remaining 600 densely packed pages provide the formal framework needed to get meaningful answers to those questions. The book sets out a structure in which to model threats, be it in software, applications, systems, or services such as cloud computing.