Sinopsis
This book describes the useful models you can employ to address or mitigate these potential threats. People who build software, systems, or things with software need to address the many predictable threats their systems can face. Threat modeling is a fancy name for something we all do instinctively. If I asked you to threat model your house, you might start by thinking about the precious things within it: your family, heirlooms, photos, or perhaps your collection of signed movie posters. You might start thinking about the ways someone might break in, such as unlocked doors or open windows. And you might start thinking about the sorts of people who might break in, including neighborhood kids, professional burglars, drug addicts, perhaps a stalker, or someone trying to steal your Picasso original.
Each of these examples has an analog in the software world, but for now, the important thing is not how you guard against each threat, but that you’re able to relate to this way of thinking. If you were asked to help assess a friend’s house, you could probably help, but you might lack confi dence in how complete your analysis is. If you were asked to secure an offi ce complex, you might have a still harder time, and securing a military base or a prison seems even more difficult. In those cases, your instincts are insuffi cient, and you’d need tools to help tackle the questions. This book will give you the tools to think about threat modeling technology in structured and effective ways. In this introduction, you’ll learn about what threat modeling is and why individuals, teams, and organizations threat model. Those reasons include fi nding security issues early, improving your understanding of security requirements, and being able to engineer and deliver better products. This introduction has fi ve main sections describing what the book is about, including a defi nition of threat modeling and reasons it’s important; who should read this book; how to use it, and what you can expect to gain from the various parts, and new lessons in threat modeling.
Content
- Getting Started
- Dive In and Threat Model!
- Strategies for Threat Modeling
- Finding Threats
- STRIDE
- Attack Trees
- Attack Libraries
- Privacy Tools
- Managing and Addressing Threats
- Processing and Managing Threats
- Defensive Tactics and Technologies
- Trade-Off s When Addressing Threats
- Validating That Threats Are Addressed
- Threat Modeling Tools
- Threat Modeling in Technologies and Tricky Areas
- Requirements Cookbook
- Web and Cloud Threats
- Accounts and Identity
- Human Factors and Usability
- Threats to Cryptosystems
- Taking It to the Next Level
- Bringing Threat Modeling to Your Organization
- Experimental Approaches
- Architecting for Success
- Helpful Tools
- Threat Trees
0 komentar:
Posting Komentar