Threat Modeling: Designing for Security 1st Edition by Adam Shostack – Ebook PDF Instant Download/Delivery. 1118822692, 9781118822692
Product details:
ISBN 10: 1118822692
ISBN 13: 9781118822692
Author: Adam Shostack
The book is chock-full of specific and actionable advice, without being tied to specific software, operating systems or languages. For security professionals, the book provides the easiest way to adopt a structured approach to threat modeling. This approach is being promoted by Microsoft, and the book will provide the easiest way to understand the changing threats and threat landscape. The book is up-to-date and covers all of the methods of threat modeling.
For software developers, threat modeling is big and scary and hard to get your arms around. But as more software is delivered on the Internet, or operates on Internet-connected computers, as attackers move after money, developers can no longer afford to view software security as an afterthought or as a matter of features. This book provides a jargon-free and accessible introduction to this important skill.
For systems managers with security responsibilities, this book provides tools and a framework for structured thinking about what goes wrong. By threat modeling, they can break away from a technology-centered way of threat modeling and instead focus on threats and effective operational countermeasures.
The book begins with learning how to threat model, threat modeling approaches such as asset-centric, attacker-centric and software-centric, then on to specifics such as threats to cryptosystems and finally moves on to more advanced areas with many examples to follow and emulate such as 3-tier web app, phone app, validation and cargo cutting.
Threat Modeling: Designing for Security 1st Table of contents:
Part I Getting Started
Chapter 1 Dive In and Threat Model!
Learning to Threat Model
What Are You Building?
Addressing Each Threat
Checking Your Work
Threat Modeling on Your Own
Checklists for Diving In and Threat Modeling
Summary
Chapter 2 Strategies for Threat Modeling
“What’s Your Threat Model?”
Brainstorming Your Threats
Brainstorming Variants
Literature Review
Perspective on Brainstorming
Structured Approaches to Threat Modeling
Focusing on Assets
Focusing on Attackers
Focusing on Software
Models of Software
Types of Diagrams
Trust Boundaries
What to Include in a Diagram
Complex Diagrams
Labels in Diagrams
Color in Diagrams
Entry Points
Validating Diagrams
Summary
Part II Finding Threats
Chapter 3 STRIDE
Understanding STRIDE and Why It’s Useful
Spoofing Threats
Spoofing a Process or File on the Same Machine
Spoofing a Machine
Spoofing a Person
Tampering Threats
Tampering with a File
Tampering with Memory
Tampering with a Network
Repudiation Threats
Attacking the Logs
Repudiating an Action
Information Disclosure Threats
Information Disclosure from a Process
Information Disclosure from a Data Store
Information Disclosure from a Data Flow
Denial-of-Service Threats
Elevation of Privilege Threats
Elevate Privileges by Corrupting a Process
Elevate Privileges through Authorization Failures
Extended Example: STRIDE Threats against Acme-DB
STRIDE Variants
STRIDE-per-Element
STRIDE-per-Interaction
DESIST
Exit Criteria
Summary
Chapter 4 Attack Trees
Working with Attack Trees
Using Attack Trees to Find Threats
Creating New Attack Trees
Representing a Tree
Human-Viewable Representations
Structured Representations
Example Attack Tree
Real Attack Trees
Fraud Attack Tree
Election Operations Assessment Threat Trees
Mind Maps
Perspective on Attack Trees
Summary
Chapter 5 Attack Libraries
Properties of Attack Libraries
Libraries and Checklists
Libraries and Literature Reviews
CAPEC
Exit Criteria
Perspective on CAPEC
OWASP Top Ten
Summary
Chapter 6 Privacy Tools
Solove’s Taxonomy of Privacy
Privacy Considerations for Internet Protocols
Privacy Impact Assessments (PIA)
The Nymity Slider and the Privacy Ratchet
Contextual Integrity
Contextual Integrity Decision Heuristic
Augmented Contextual Integrity Heuristic
Perspective on Contextual Integrity
LINDDUN
Summary
Part III Managing and Addressing Threats
Chapter 7 Processing and Managing Threats
Starting the Threat Modeling Project
When to Threat Model
What to Start and (Plan to) End With
Where to Start
Digging Deeper into Mitigations
The Order of Mitigation
Playing Chess
Prioritizing
Running from the Bear
Tracking with Tables and Lists
Tracking Threats
Making Assumptions
External Security Notes
Scenario-Specific Elements of Threat Modeling
Customer/Vendor Trust Boundary
New Technologies
Threat Modeling an API
Summary
Chapter 8 Defensive Tactics and Technologies
Tactics and Technologies for Mitigating Threats
Authentication: Mitigating Spoofing
Integrity: Mitigating Tampering
Non-Repudiation: Mitigating Repudiation
Confidentiality: Mitigating Information Disclosure
Availability: Mitigating Denial of Service
Authorization: Mitigating Elevation of Privilege
Tactic and Technology Traps
Addressing Threats with Patterns
Standard Deployments
Addressing CAPEC Threats
Mitigating Privacy Threats
Minimization
Cryptography
Compliance and Policy
Summary
Chapter 9 Trade-Offs When Addressing Threats
Classic Strategies for Risk Management
Avoiding Risks
Addressing Risks
Accepting Risks
Transferring Risks
Ignoring Risks
Selecting Mitigations for Risk Management
Changing the Design
Applying Standard Mitigation Technologies
Designing a Custom Mitigation
Fuzzing Is Not a Mitigation
Threat-Specific Prioritization Approaches
Simple Approaches
Threat-Ranking with a Bug Bar
Cost Estimation Approaches
Mitigation via Risk Acceptance
Mitigation via Business Acceptance
Mitigation via User Acceptance
Arms Races in Mitigation Strategies
Summary
Chapter 10 Validating That Threats Are Addressed
Testing Threat Mitigations
Test Process Integration
How to Test a Mitigation
Penetration Testing
Checking Code You Acquire
Constructing a Software Model
Using the Software Model
QA’ing Threat Modeling
Model/Reality Conformance
Task and Process Completion
Bug Checking
Process Aspects of Addressing Threats
Threat Modeling Empowers Testing; Testing Empowers Threat Modeling
Validation/Transformation
Document Assumptions as You Go
Tables and Lists
Summary
Chapter 11 Threat Modeling Tools
Generally Useful Tools
Whiteboards
Office Suites
Bug-Tracking Systems
Open-Source Tools
TRIKE
SeaMonster
Elevation of Privilege
Commercial Tools
ThreatModeler
Corporate Threat Modeller
SecurITree
Little-JIL
Microsoft’s SDL Threat Modeling Tool
Tools That Don’t Exist Yet
Summary
Part IV Threat Modeling in Technologies and Tricky Areas
Chapter 12 Requirements Cookbook
Why a “Cookbook”?
The Interplay of Requirements, Threats, and Mitigations
Business Requirements
Outshining the Competition
Industry Requirements
Scenario-Driven Requirements
Prevent/Detect/Respond as a Frame for Requirements
Prevention
Detection
Response
People/Process/Technology as a Frame for Requirements
People
Process
Technology
Development Requirements vs. Acquisition Requirements
Compliance-Driven Requirements
Cloud Security Alliance
NIST Publication 200
PCI-DSS
Privacy Requirements
Fair Information Practices
Privacy by Design
The Seven Laws of Identity
Microsoft Privacy Standards for Development
The STRIDE Requirements
Authentication
Integrity
Non-Repudiation
Confidentiality
Availability
Authorization
Non-Requirements
Operational Non-Requirements
Warnings and Prompts
Microsoft’s “10 Immutable Laws”
Summary
Chapter 13 Web and Cloud Threats
Web Threats
Website Threats
Web Browser and Plugin Threats
Cloud Tenant Threats
Insider Threats
Co-Tenant Threats
Threats to Compliance
Legal Threats
Threats to Forensic Response
Miscellaneous Threats
Cloud Provider Threats
Threats Directly from Tenants
Threats Caused by Tenant Behavior
Mobile Threats
Summary
Chapter 14 Accounts and Identity
Account Life Cycles
Account Creation
Account Maintenance
Account Termination
Account Life-Cycle Checklist
Authentication
Login
Login Failures
Threats to “What You Have”
Threats to “What You Are”
Threats to “What You Know”
Authentication Checklist
Account Recovery
Time and Account Recovery
E-mail for Account Recovery
Knowledge-Based Authentication
Social Authentication
Attacker-Driven Analysis of Account Recovery
Multi-Channel Authentication
Account Recovery Checklist
Names, IDs, and SSNs
Names
Identity Documents
Social Security Numbers and Other National Identity Numbers
Identity Theft
Names, IDs, and SSNs Checklist
Summary
Chapter 15 Human Factors and Usability
Models of People
Applying Behaviorist Models of People
Cognitive Science Models of People
Heuristic Models of People
Models of Software Scenarios
Modeling the Software
Diagramming for Modeling the Software
Modeling Electronic Social Engineering Attacks
Threat Elicitation Techniques
Brainstorming
The Ceremony Approach to Threat Modeling
Ceremony Analysis Heuristics
Integrating Usability into the Four-Stage Framework
Tools and Techniques for Addressing Human Factors
Myths That Inhibit Human Factors Work
Design Patterns for Good Decisions
Design Patterns for a Kind Learning Environment
User Interface Tools and Techniques
Configuration
Explicit Warnings
Patterns That Grab Attention
Testing for Human Factors
Benign and Malicious Scenarios
Ecological Validity
Perspective on Usability and Ceremonies
Summary
Chapter 16 Threats to Cryptosystems
Cryptographic Primitives
Basic Primitives
Privacy Primitives
Modern Cryptographic Primitives
Classic Threat Actors
Attacks against Cryptosystems
Building with Crypto
Making Choices
Preparing for Upgrades
Key Management
Authenticating before Decrypting
Things to Remember about Crypto
Use a Cryptosystem Designed by Professionals
Use Cryptographic Code Built and Tested by Professionals
Cryptography Is Not Magic Security Dust
Assume It Will All Become Public
You Still Need to Manage Keys
Secret Systems: Kerckhoffs and His Principles
Summary
Part V Taking It to the Next Level
Chapter 17 Bringing Threat Modeling to Your Organization
How To Introduce Threat Modeling
Convincing Individual Contributors
Convincing Management
Who Does What?
Threat Modeling and Project Management
Prerequisites
Deliverables
Individual Roles and Responsibilities
Group Interaction
Diversity in Threat Modeling Teams
Threat Modeling within a Development Life Cycle
Development Process Issues
Organizational Issues
Customizing a Process for Your Organization
Overcoming Objections to Threat Modeling
Resource Objections
Value Objections
Objections to the Plan
Summary
Chapter 18 Experimental Approaches
Looking in the Seams
Operational Threat Models
FlipIT
Kill Chains
The “Broad Street” Taxonomy
Adversarial Machine Learning
Threat Modeling a Business
Threats to Threat Modeling Approaches
Dangerous Deliverables
Enumerate All Assumptions
Dangerous Approaches
How to Experiment
Define a Problem
Find Aspects to Measure and Measure Them
Study Your Results
Summary
Chapter 19 Architecting for Success
Understanding Flow
Flow and Threat Modeling
Stymieing People
Beware of Cognitive Load
Avoid Creator Blindness
Assets and Attackers
Knowing the Participants
Boundary Objects
The Best Is the Enemy of the Good
Closing Perspectives
“The Threat Model Has Changed”
On Artistry
Summary
Now Threat Model
Appendix A Helpful Tools
Common Answers to “What’s Your Threat Model?”
Network Attackers
Physical Attackers
Attacks against People
Supply Chain Attackers
Privacy Attackers
Non-Sentient “Attackers”
The Internet Threat Model
Assets
Computers as Assets
People as Assets
Processes as Assets
Intangible Assets
Stepping-Stone Assets
Appendix B Threat Trees
STRIDE Threat Trees
Spoofing an External Entity (Client/Person/Account)
Spoofing a Process
Spoofing of a Data Flow
Tampering with a Process
Tampering with a Data Flow
Tampering with a Data Store
Repudiation against a Process (or by an External Entity)
Repudiation, Data Store
Information Disclosure from a Process
Information Disclosure from a Data Flow
Information Disclosure from a Data Store
Denial of Service against a Process
Denial of Service against a Data Flow
Denial of Service against a Data Store
Elevation of Privilege against a Process
Other Threat Trees
Running Code
Attack via a “Social” Program
Attack with Tricky Filenames
Appendix C Attacker Lists
Attacker Lists
Barnard’s List
Verizon’s Lists
OWASP
Intel TARA
Personas and Archetypes
Aucsmith’s Attacker Personas
Background and Definitions
Personas
David “Ne0phyate” Bradley – Vandal
JoLynn “NightLily” Dobney – Trespasser
Sean “Keech” Purcell – Defacer
Bryan “CrossFyre” Walton – Author
Lorrin Smith-Bates – Insider
Douglas Hite – Thief
Mr. Smith – Terrorist
Mr. Jones – Spy
Appendix D Elevation of Privilege: The Cards
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege (EoP)
Appendix E Case Studies
The Acme Database
Security Requirements
Software Model
Threats and Mitigations
Acme’s Operational Network
Security Requirements
Operational Network
Threats to the Network
Phones and One-Time Token Authenticators