Threat modeling : designing for security / Adam Shostack

By: Adam Shostack
Resource type: Book (Online)
Language: English
Publisher: New York : John Wiley & Sons, Incorporated, 2014
Edition: Online edition
Description: Online resource (1 online resource (xxxiii, 590 pages)) : illustrations
ISBN:
  • 9781306427067
  • 1118822692
  • 9781118810057
  • 9781118822692
Additional physical formats: 1118809998 | 9781118809990 | 1306427037 | Also published as: print edition | Also published as: Threat modeling. Print edition. Indianapolis, Ind. : Wiley, 2014. xxxiii, 590 pages
DDC classification:
  • 005.8
RVK: ST 277 | ST 276
LOC classification:
  • QA76.9.A25
  • QA76.9
Online resources:
Contents:
Cover; Title Page; Copyright; Contents; Introduction
Part I Getting Started
Chapter 1 Dive In and Threat Model!; Learning to Threat Model; What Are You Building?; What Can Go Wrong?; Addressing Each Threat; Checking Your Work; Threat Modeling on Your Own; Checklists for Diving In and Threat Modeling; Summary
Chapter 2 Strategies for Threat Modeling; "What's Your Threat Model?"; Brainstorming Your Threats; Brainstorming Variants; Literature Review; Perspective on Brainstorming; Structured Approaches to Threat Modeling; Focusing on Assets; Focusing on Attackers; Focusing on Software; Models of Software; Types of Diagrams; Trust Boundaries; What to Include in a Diagram; Complex Diagrams; Labels in Diagrams; Color in Diagrams; Entry Points; Validating Diagrams; Summary
Part II Finding Threats
Chapter 3 STRIDE; Understanding STRIDE and Why It's Useful; Spoofing Threats; Spoofing a Process or File on the Same Machine; Spoofing a Machine; Spoofing a Person; Tampering Threats; Tampering with a File; Tampering with Memory; Tampering with a Network; Repudiation Threats; Attacking the Logs; Repudiating an Action; Information Disclosure Threats; Information Disclosure from a Process; Information Disclosure from a Data Store; Information Disclosure from a Data Flow; Denial-of-Service Threats; Elevation of Privilege Threats; Elevate Privileges by Corrupting a Process; Elevate Privileges through Authorization Failures; Extended Example: STRIDE Threats against Acme-DB; STRIDE Variants; STRIDE-per-Element; STRIDE-per-Interaction; DESIST; Exit Criteria; Summary
Chapter 4 Attack Trees; Working with Attack Trees; Using Attack Trees to Find Threats; Creating New Attack Trees; Representing a Tree; Human-Viewable Representations; Structured Representations; Example Attack Tree; Real Attack Trees; Fraud Attack Tree; Election Operations Assessment Threat Trees; Mind Maps; Perspective on Attack Trees; Summary
Chapter 5 Attack Libraries; Properties of Attack Libraries; Libraries and Checklists; Libraries and Literature Reviews; CAPEC; Exit Criteria; Perspective on CAPEC; OWASP Top Ten; Summary
Chapter 6 Privacy Tools; Solove's Taxonomy of Privacy; Privacy Considerations for Internet Protocols; Privacy Impact Assessments (PIA); The Nymity Slider and the Privacy Ratchet; Contextual Integrity; Contextual Integrity Decision Heuristic; Augmented Contextual Integrity Heuristic; Perspective on Contextual Integrity; LINDDUN; Summary
Part III Managing and Addressing Threats
Chapter 7 Processing and Managing Threats; Starting the Threat Modeling Project; When to Threat Model; What to Start and (Plan to) End With; Where to Start; Digging Deeper into Mitigations; The Order of Mitigation; Playing Chess; Prioritizing; Running from the Bear; Tracking with Tables and Lists; Tracking Threats; Making Assumptions; External Security Notes; Scenario-Specific Elements of Threat Modeling; Customer/Vendor Trust Boundary
PPN: 78751876X
Package identifier: ZDB-26-MYL | BSZ-30-PQE-S2AAFH | ZDB-30-PAD | ZDB-30-PQE