The only security book to be chosen as a Dr. Dobb's Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!
Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.
Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.
Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
Offers actionable how-to advice not tied to any specific software, operating system, or programming language
Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world
As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.
About the Author
Adam Shostack is a principal program manager on Microsoft's Trustworthy Computing team. He helped found the CVE, the Privacy Enhancing Technologies Symposium, and the International Financial Cryptography Association. His experience shipping products (at both Microsoft and tiny startups) and managing operational security ensures the advice in this book is grounded in real experience.
Jacket Copy
Use threat modeling to enhance software security. If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and in the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems, from the very beginning.
Contents
Introduction
Part I Getting Started
Chapter 1 Dive In and Threat Model!
Learning to Threat Model
Threat Modeling on Your Own
Checklists for Diving In and Threat Modeling
Summary
Chapter 2 Strategies for Threat Modeling
What's Your Threat Model?
Brainstorming Your Threats
Structured Approaches to Threat Modeling
Models of Software
Summary
Part II Finding Threats
Chapter 3 STRIDE
Understanding STRIDE and Why It's Useful
Spoofing Threats
Tampering Threats
Repudiation Threats
Information Disclosure Threats
Denial-of-Service Threats
Elevation of Privilege Threats
Extended Example: STRIDE Threats against Acme-DB
STRIDE Variants
Exit Criteria
Summary
Chapter 4 Attack Trees
Working with Attack Trees
Representing a Tree
Example Attack Tree
Real Attack Trees
Perspective on Attack Trees
Summary
Chapter 5 Attack Libraries
Properties of Attack Libraries
CAPEC
OWASP Top Ten
Summary
Chapter 6 Privacy Tools
Solove's Taxonomy of Privacy
Privacy Considerations for Internet Protocols
Privacy Impact Assessments (PIA)
The Nymity Slider and the Privacy Ratchet
Contextual Integrity
LINDDUN
Summary
Part III Managing and Addressing Threats
Chapter 7 Processing and Managing Threats
Starting the Threat Modeling Project
Digging Deeper into Mitigations
Tracking with Tables and Lists
Scenario-Specific Elements of Threat Modeling
Summary
Chapter 8 Defensive Tactics and Technologies
Tactics and Technologies for Mitigating Threats
Addressing Threats with Patterns
Mitigating Privacy Threats
Summary
Chapter 9 Trade-Offs When Addressing Threats
Classic Strategies for Risk Management
Selecting Mitigations for Risk Management
Threat-Specific Prioritization Approaches
Mitigation via Risk Acceptance
Arms Races in Mitigation Strategies
Summary
Chapter 10 Validating That Threats Are Addressed
Testing Threat Mitigations
Checking Code You Acquire
QA'ing Threat Modeling
Process Aspects of Addressing Threats
Tables and Lists
Summary
Chapter 11 Threat Modeling Tools
Generally Useful Tools
Open-Source Tools
Commercial Tools
Tools That Don't Exist Yet
Summary
Part IV Threat Modeling in Technologies and Tricky Areas
Chapter 12 Requirements Cookbook
Why a Cookbook?
The Interplay of Requirements, Threats, and Mitigations
Business Requirements
Prevent/Detect/Respond as a Frame for Requirements
People/Process/Technology as a Frame for Requirements
Development Requirements vs. Acquisition Requirements
Compliance-Driven Requirements
Privacy Requirements
The STRIDE Requirements
Non-Requirements
Summary
Chapter 13 Web and Cloud Threats
Web Threats
Cloud Tenant Threa...