
Developer–Enabled Threat Modeling

A Practical Guide for Development Teams

Paperback English 2020 9781492056553
Sales rank 3545
Not yet published, publication date unknown
60,21

Summary

Threat modeling is one of the most essential, and most misunderstood, parts of the development lifecycle. Whether you're a security practitioner or a member of a development team, this book will help you gain a better understanding of how you can apply core threat modeling concepts to your practice to protect your systems against threats.

Contrary to popular belief, threat modeling doesn't require advanced security knowledge to initiate or a Herculean effort to sustain. But it is critical for spotting and addressing potential concerns in a cost-effective way before the code's written, and before it's too late to find a solution. Authors Izar Tarandach and Matthew Coles walk you through various ways to approach and execute threat modeling in your organization.

- Explore fundamental properties and mechanisms for securing data and system functionality
- Understand the relationship between security, privacy, and safety
- Identify key characteristics for assessing system security
- Get an in-depth review of popular and specialized techniques for modeling and analyzing your systems
- View the future of threat modeling and Agile development methodologies, including DevOps automation
- Find answers to frequently asked questions, including how to avoid common threat modeling pitfalls

Specifications

ISBN13: 9781492056553
Language: English
Binding: paperback
Number of pages: 200
Publisher: O'Reilly
Edition: 1
Publication date: 30-11-2020
Main category: IT management / ICT

Table of contents

Foreword
Preface
Why We Wrote This Book
Who This Book Is For
What Is (and Isn’t!) in This Book
These Techniques Apply Across Various Systems
Your Contribution Matters
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Acknowledgments
Introduction
The Basics of Threat Modeling
What Is Threat Modeling?
Why You Need Threat Modeling
Obstacles
Threat Modeling in the System Development Life Cycle
Essential Security Principles
Basic Concepts and Terminology
Calculating Severity or Risk
Core Properties
Fundamental Controls
Basic Design Patterns for Secure Systems
Summary

1. Modeling Systems
Why We Create System Models
System Modeling Types
Data Flow Diagrams
Sequence Diagrams
Process Flow Diagrams
Attack Trees
Fishbone Diagrams
How to Build System Models
What Does a Good System Model Look Like?
Summary

2. A Generalized Approach to Threat Modeling
Basic Steps
What You Are Looking for in a System Model
The Usual Suspects
What You Should Not Expect to Discover
Threat Intelligence Gathering
Summary

3. Threat Modeling Methodologies
Before We Go Too Deep…
Looking Through Filters, Angles, and Prisms
To the Methodologies, at Last!
STRIDE
STRIDE per Element
STRIDE per Interaction
Process for Attack Simulation and Threat Analysis
Threat Assessment and Remediation Analysis
Trike
Specialized Methodologies
LINDDUN
Madness? This Is SPARTA!
INCLUDES NO DIRT
Shall We Play a Game?
Game: Elevation of Privilege
Game: Elevation of Privilege and Privacy
Game: OWASP Cornucopia
Game: Security and Privacy Threat Discovery Cards
Game: LINDDUN GO
Summary

4. Automated Threat Modeling
Why Automate Threat Modeling?
Threat Modeling from Code
How It Works
Threat Modeling with Code
How It Works
pytm
Threagile
An Overview of Other Threat Modeling Tools
IriusRisk
SD Elements
ThreatModeler
OWASP Threat Dragon
Microsoft Threat Modeling Tool
CAIRIS
Mozilla SeaSponge
Tutamen Threat Model Automator
Threat Modeling with ML and AI
Summary

5. Continuous Threat Modeling
Why Continuous Threat Modeling?
The Continuous Threat Modeling Methodology
Evolutionary: Getting Better All the Time
The Autodesk Continuous Threat Modeling Methodology
Baselining
Baseline Analysis
When Do You Know You Did Enough?
Threat Model Every Story
Findings from the Field
Summary

6. Own Your Role as a Threat Modeling Champion
How Do I Get Leadership On-Board with Threat Modeling?
How Do I Overcome Resistance from the Rest of the Product Team?
How Do We Overcome the Sense of (or Actual) Failure at Threat Modeling?
How Should I Choose a Threat Modeling Methodology from Many Similar Approaches?
How Should I Deliver “the Bad News”?
What Actions Should I Take for Accepted Findings?
Did I Miss Something?
Summary and Closing
Further Reading
A. A Worked Example
High-Level Process Steps
Approaching Your First System Model
Leading a Threat Modeling Exercise

A Sample Exercise: Creating a System Model
Identifying Components, Flows, and Assets
Identifying System Weaknesses and Vulnerabilities
Identifying Threats
Determining Exploitability
Wrapping Things Up

B. The Threat Modeling Manifesto
Method and Purpose
The Threat Modeling Manifesto
What Is Threat Modeling?
Why Threat Model?
Who Should Threat Model?
How Should I Use the Threat Modeling Manifesto?
Values
Principles

About

Index
