|
|
|
|
| LEADER |
00000cam a2200000Mu 4500 |
| 001 |
OR_on1228540412 |
| 003 |
OCoLC |
| 005 |
20231017213018.0 |
| 006 |
m d |
| 007 |
cr n ||| |
| 008 |
201011s2020 xx o ||| 0 und d |
| 040 |
|
|
|a VT2
|b eng
|c VT2
|d EBLCP
|d OCLCQ
|d LANGC
|d OCLCQ
|
| 020 |
|
|
|a 9781492056553
|
| 020 |
|
|
|a 1492056553
|
| 029 |
1 |
|
|a AU@
|b 000070668222
|
| 035 |
|
|
|a (OCoLC)1228540412
|
| 049 |
|
|
|a UAMI
|
| 100 |
1 |
|
|a Tarandach, Izar.
|
| 245 |
1 |
0 |
|a Threat Modeling
|h [electronic resource] /
|c Izar Tarandach.
|
| 260 |
|
|
|a [S.l.] :
|b O'Reilly Media, Inc.,
|c 2020.
|
| 300 |
|
|
|a 1 online resource
|
| 500 |
|
|
|a Title from content provider.
|
| 505 |
0 |
|
|a Intro -- Copyright -- Table of Contents -- Foreword -- Preface -- Why We Wrote This Book -- Who This Book Is For -- What Is (and Isn't!) in This Book -- These Techniques Apply Across Various Systems -- Your Contribution Matters -- Conventions Used in This Book -- O'Reilly Online Learning -- How to Contact Us -- Acknowledgments -- Introduction -- The Basics of Threat Modeling -- What Is Threat Modeling? -- Why You Need Threat Modeling -- Obstacles -- Threat Modeling in the System Development Life Cycle -- Essential Security Principles -- Basic Concepts and Terminology
|
| 505 |
8 |
|
|a Calculating Severity or Risk -- Core Properties -- Fundamental Controls -- Basic Design Patterns for Secure Systems -- Summary -- Chapter 1. Modeling Systems -- Why We Create System Models -- System Modeling Types -- Data Flow Diagrams -- Sequence Diagrams -- Process Flow Diagrams -- Attack Trees -- Fishbone Diagrams -- How to Build System Models -- What Does a Good System Model Look Like? -- Summary -- Chapter 2. A Generalized Approach to Threat Modeling -- Basic Steps -- What You Are Looking for in a System Model -- The Usual Suspects -- What You Should Not Expect to Discover
|
| 505 |
8 |
|
|a Threat Intelligence Gathering -- Summary -- Chapter 3. Threat Modeling Methodologies -- Before We Go Too Deep... -- Looking Through Filters, Angles, and Prisms -- To the Methodologies, at Last! -- STRIDE -- STRIDE per Element -- STRIDE per Interaction -- Process for Attack Simulation and Threat Analysis -- Threat Assessment and Remediation Analysis -- Trike -- Specialized Methodologies -- LINDDUN -- Madness? This Is SPARTA! -- INCLUDES NO DIRT -- Shall We Play a Game? -- Game: Elevation of Privilege -- Game: Elevation of Privilege and Privacy -- Game: OWASP Cornucopia
|
| 505 |
8 |
|
|a Game: Security and Privacy Threat Discovery Cards -- Game: LINDDUN GO -- Summary -- Chapter 4. Automated Threat Modeling -- Why Automate Threat Modeling? -- Threat Modeling from Code -- How It Works -- Threat Modeling with Code -- How It Works -- pytm -- Threagile -- An Overview of Other Threat Modeling Tools -- IriusRisk -- SD Elements -- ThreatModeler -- OWASP Threat Dragon -- Microsoft Threat Modeling Tool -- CAIRIS -- Mozilla SeaSponge -- Tutamen Threat Model Automator -- Threat Modeling with ML and AI -- Summary -- Chapter 5. Continuous Threat Modeling -- Why Continuous Threat Modeling?
|
| 505 |
8 |
|
|a The Continuous Threat Modeling Methodology -- Evolutionary: Getting Better All the Time -- The Autodesk Continuous Threat Modeling Methodology -- Baselining -- Baseline Analysis -- When Do You Know You Did Enough? -- Threat Model Every Story -- Findings from the Field -- Summary -- Chapter 6. Own Your Role as a Threat Modeling Champion -- How Do I Get Leadership On-Board with Threat Modeling? -- How Do I Overcome Resistance from the Rest of the Product Team? -- How Do We Overcome the Sense of (or Actual) Failure at Threat Modeling?
|
| 590 |
|
|
|a O'Reilly
|b O'Reilly Online Learning: Academic/Public Library Edition
|
| 700 |
1 |
|
|a Coles, Matthew J.
|
| 856 |
4 |
0 |
|u https://learning.oreilly.com/library/view/~/9781492056546/?ar
|z Texto completo (Requiere registro previo con correo institucional)
|
| 938 |
|
|
|a ProQuest Ebook Central
|b EBLB
|n EBL6395807
|
| 994 |
|
|
|a 92
|b IZTAP
|
