Threat Modeling
Main author: | |
---|---|
Other authors: | |
Format: | Electronic eBook |
Language: | Undetermined |
Published: | [S.l.] : O'Reilly Media, Inc., 2020. |
Online access: | Full text (requires prior registration with institutional email) |
Table of Contents:
- Intro
- Copyright
- Table of Contents
- Foreword
- Preface
- Why We Wrote This Book
- Who This Book Is For
- What Is (and Isn't!) in This Book
- These Techniques Apply Across Various Systems
- Your Contribution Matters
- Conventions Used in This Book
- O'Reilly Online Learning
- How to Contact Us
- Acknowledgments
- Introduction
- The Basics of Threat Modeling
- What Is Threat Modeling?
- Why You Need Threat Modeling
- Obstacles
- Threat Modeling in the System Development Life Cycle
- Essential Security Principles
- Basic Concepts and Terminology
- Calculating Severity or Risk
- Core Properties
- Fundamental Controls
- Basic Design Patterns for Secure Systems
- Summary
- Chapter 1. Modeling Systems
- Why We Create System Models
- System Modeling Types
- Data Flow Diagrams
- Sequence Diagrams
- Process Flow Diagrams
- Attack Trees
- Fishbone Diagrams
- How to Build System Models
- What Does a Good System Model Look Like?
- Summary
- Chapter 2. A Generalized Approach to Threat Modeling
- Basic Steps
- What You Are Looking for in a System Model
- The Usual Suspects
- What You Should Not Expect to Discover
- Threat Intelligence Gathering
- Summary
- Chapter 3. Threat Modeling Methodologies
- Before We Go Too Deep...
- Looking Through Filters, Angles, and Prisms
- To the Methodologies, at Last!
- STRIDE
- STRIDE per Element
- STRIDE per Interaction
- Process for Attack Simulation and Threat Analysis
- Threat Assessment and Remediation Analysis
- Trike
- Specialized Methodologies
- LINDDUN
- Madness? This Is SPARTA!
- INCLUDES NO DIRT
- Shall We Play a Game?
- Game: Elevation of Privilege
- Game: Elevation of Privilege and Privacy
- Game: OWASP Cornucopia
- Game: Security and Privacy Threat Discovery Cards
- Game: LINDDUN GO
- Summary
- Chapter 4. Automated Threat Modeling
- Why Automate Threat Modeling?
- Threat Modeling from Code
- How It Works
- Threat Modeling with Code
- How It Works
- pytm
- Threagile
- An Overview of Other Threat Modeling Tools
- IriusRisk
- SD Elements
- ThreatModeler
- OWASP Threat Dragon
- Microsoft Threat Modeling Tool
- CAIRIS
- Mozilla SeaSponge
- Tutamen Threat Model Automator
- Threat Modeling with ML and AI
- Summary
- Chapter 5. Continuous Threat Modeling
- Why Continuous Threat Modeling?
- The Continuous Threat Modeling Methodology
- Evolutionary: Getting Better All the Time
- The Autodesk Continuous Threat Modeling Methodology
- Baselining
- Baseline Analysis
- When Do You Know You Did Enough?
- Threat Model Every Story
- Findings from the Field
- Summary
- Chapter 6. Own Your Role as a Threat Modeling Champion
- How Do I Get Leadership On-Board with Threat Modeling?
- How Do I Overcome Resistance from the Rest of the Product Team?
- How Do We Overcome the Sense of (or Actual) Failure at Threat Modeling?