Threat modeling : designing for security / Adam Shostack
Resource type: Book (Online)
Language: English
Publisher: New York : John Wiley & Sons, Incorporated, 2014
Edition: Online edition
Description: Online resource (1 online resource (xxxiii, 590 pages)) : illustrations
ISBN:
- 9781306427067
- 1118822692
- 9781118810057
- 9781118822692
- QA76.9.A25
- QA76.9
Contents:
Summary: Cover -- Title Page -- Copyright -- Contents -- Introduction -- Part I Getting Started -- Chapter 1 Dive In and Threat Model! -- Learning to Threat Model -- What Are You Building? -- What Can Go Wrong? -- Addressing Each Threat -- Checking Your Work -- Threat Modeling on Your Own -- Checklists for Diving In and Threat Modeling -- Summary -- Chapter 2 Strategies for Threat Modeling -- "What's Your Threat Model?" -- Brainstorming Your Threats -- Brainstorming Variants -- Literature Review -- Perspective on Brainstorming -- Structured Approaches to Threat Modeling -- Focusing on Assets -- Focusing on Attackers -- Focusing on Software -- Models of Software -- Types of Diagrams -- Trust Boundaries -- What to Include in a Diagram -- Complex Diagrams -- Labels in Diagrams -- Color in Diagrams -- Entry Points -- Validating Diagrams -- Summary -- Part II Finding Threats -- Chapter 3 STRIDE -- Understanding STRIDE and Why It's Useful -- Spoofing Threats -- Spoofing a Process or File on the Same Machine -- Spoofing a Machine -- Spoofing a Person -- Tampering Threats -- Tampering with a File -- Tampering with Memory -- Tampering with a Network -- Repudiation Threats -- Attacking the Logs -- Repudiating an Action -- Information Disclosure Threats -- Information Disclosure from a Process -- Information Disclosure from a Data Store -- Information Disclosure from a Data Flow -- Denial-of-Service Threats -- Elevation of Privilege Threats -- Elevate Privileges by Corrupting a Process -- Elevate Privileges through Authorization Failures -- Extended Example: STRIDE Threats against Acme-DB -- STRIDE Variants -- STRIDE-per-Element -- STRIDE-per-Interaction -- DESIST -- Exit Criteria -- Summary -- Chapter 4 Attack Trees -- Working with Attack Trees -- Using Attack Trees to Find Threats -- Creating New Attack Trees -- Representing a Tree.
PPN: 78751876X
Package identifier: ZDB-26-MYL | BSZ-30-PQE-K1DLR | BSZ-30-PQE-S2AAFH | ZDB-30-PAD | ZDB-30-PQE
This title has no copies