
E-book: Threat Modeling: Designing for Security

  • Format: PDF+DRM
  • Publication date: 04-Feb-2014
  • Publisher: John Wiley & Sons Inc
  • Language: eng
  • ISBN-13: 9781118822692
  • Price: 62.98 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You also need to create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (a free application made specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

The only security book to be chosen as a Dr. Dobb's Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!

Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now he shares his considerable expertise in this unique book. With pages of specific, actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.

Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.

  • Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
  • Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
  • Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
  • Offers actionable how-to advice not tied to any specific software, operating system, or programming language
  • Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world

As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

Other information

Nominated for the Dr. Dobb's Jolt Award 2014 (United States).
Introduction xxi
Part I Getting Started 1(58)
Chapter 1 Dive In and Threat Model!
3(26)
Learning to Threat Model
4(22)
What Are You Building?
5(2)
What Can Go Wrong?
7(5)
Addressing Each Threat
12(12)
Checking Your Work
24(2)
Threat Modeling on Your Own
26(1)
Checklists for Diving In and Threat Modeling
27(1)
Summary
28(1)
Chapter 2 Strategies for Threat Modeling
29(30)
"What's Your Threat Model?"
30(1)
Brainstorming Your Threats
31(3)
Brainstorming Variants
32(1)
Literature Review
33(1)
Perspective on Brainstorming
34(1)
Structured Approaches to Threat Modeling
34(9)
Focusing on Assets
36(4)
Focusing on Attackers
40(1)
Focusing on Software
41(2)
Models of Software
43(13)
Types of Diagrams
44(6)
Trust Boundaries
50(2)
What to Include in a Diagram
52(1)
Complex Diagrams
52(1)
Labels in Diagrams
53(1)
Color in Diagrams
53(1)
Entry Points
53(1)
Validating Diagrams
54(2)
Summary
56(3)
Part II Finding Threats 59(64)
Chapter 3 STRIDE
61(26)
Understanding STRIDE and Why It's Useful
62(2)
Spoofing Threats
64(3)
Spoofing a Process or File on the Same Machine
65(1)
Spoofing a Machine
66(1)
Spoofing a Person
66(1)
Tampering Threats
67(1)
Tampering with a File
68(1)
Tampering with Memory
68(1)
Tampering with a Network
68(1)
Repudiation Threats
68(2)
Attacking the Logs
69(1)
Repudiating an Action
70(1)
Information Disclosure Threats
70(2)
Information Disclosure from a Process
71(1)
Information Disclosure from a Data Store
71(1)
Information Disclosure from a Data Flow
72(1)
Denial-of-Service Threats
72(1)
Elevation of Privilege Threats
73(1)
Elevate Privileges by Corrupting a Process
74(1)
Elevate Privileges through Authorization Failures
74(1)
Extended Example: STRIDE Threats against Acme-DB
74(4)
STRIDE Variants
78(7)
STRIDE-per-Element
78(2)
STRIDE-per-Interaction
80(5)
DESIST
85(1)
Exit Criteria
85(1)
Summary
85(2)
Chapter 4 Attack Trees
87(14)
Working with Attack Trees
87(4)
Using Attack Trees to Find Threats
88(1)
Creating New Attack Trees
88(3)
Representing a Tree
91(3)
Human-Viewable Representations
91(3)
Structured Representations
94(1)
Example Attack Tree
94(2)
Real Attack Trees
96(2)
Fraud Attack Tree
96(1)
Election Operations Assessment Threat Trees
96(2)
Mind Maps
98(1)
Perspective on Attack Trees
98(2)
Summary
100(1)
Chapter 5 Attack Libraries
101(10)
Properties of Attack Libraries
101(3)
Libraries and Checklists
103(1)
Libraries and Literature Reviews
103(1)
CAPEC
104(4)
Exit Criteria
106(1)
Perspective on CAPEC
106(2)
OWASP Top Ten
108(1)
Summary
108(3)
Chapter 6 Privacy Tools
111(12)
Solove's Taxonomy of Privacy
112(2)
Privacy Considerations for Internet Protocols
114(1)
Privacy Impact Assessments (PIA)
114(1)
The Nymity Slider and the Privacy Ratchet
115(2)
Contextual Integrity
117(3)
Contextual Integrity Decision Heuristic
118(1)
Augmented Contextual Integrity Heuristic
119(1)
Perspective on Contextual Integrity
119(1)
LINDDUN
120(1)
Summary
121(2)
Part III Managing and Addressing Threats 123(92)
Chapter 7 Processing and Managing Threats
125(20)
Starting the Threat Modeling Project
126(4)
When to Threat Model
126(2)
What to Start and (Plan to) End With
128(1)
Where to Start
128(2)
Digging Deeper into Mitigations
130(3)
The Order of Mitigation
131(1)
Playing Chess
131(1)
Prioritizing
132(1)
Running from the Bear
132(1)
Tracking with Tables and Lists
133(5)
Tracking Threats
133(2)
Making Assumptions
135(1)
External Security Notes
136(2)
Scenario-Specific Elements of Threat Modeling
138(5)
Customer/Vendor Trust Boundary
139(1)
New Technologies
139(2)
Threat Modeling an API
141(2)
Summary
143(2)
Chapter 8 Defensive Tactics and Technologies
145(22)
Tactics and Technologies for Mitigating Threats
145(14)
Authentication: Mitigating Spoofing
146(2)
Integrity: Mitigating Tampering
148(2)
Non-Repudiation: Mitigating Repudiation
150(3)
Confidentiality: Mitigating Information Disclosure
153(2)
Availability: Mitigating Denial of Service
155(2)
Authorization: Mitigating Elevation of Privilege
157(2)
Tactic and Technology Traps
159(1)
Addressing Threats with Patterns
159(1)
Standard Deployments
160(1)
Addressing CAPEC Threats
160(1)
Mitigating Privacy Threats
160(4)
Minimization
160(1)
Cryptography
161(3)
Compliance and Policy
164(1)
Summary
164(3)
Chapter 9 Trade-Offs When Addressing Threats
167(22)
Classic Strategies for Risk Management
168(2)
Avoiding Risks
168(1)
Addressing Risks
168(1)
Accepting Risks
169(1)
Transferring Risks
169(1)
Ignoring Risks
169(1)
Selecting Mitigations for Risk Management
170(8)
Changing the Design
170(4)
Applying Standard Mitigation Technologies
174(2)
Designing a Custom Mitigation
176(1)
Fuzzing Is Not a Mitigation
177(1)
Threat-Specific Prioritization Approaches
178(6)
Simple Approaches
178(2)
Threat-Ranking with a Bug Bar
180(1)
Cost Estimation Approaches
181(3)
Mitigation via Risk Acceptance
184(1)
Mitigation via Business Acceptance
184(1)
Mitigation via User Acceptance
185(1)
Arms Races in Mitigation Strategies
185(1)
Summary
186(3)
Chapter 10 Validating That Threats Are Addressed
189(14)
Testing Threat Mitigations
190(2)
Test Process Integration
190(1)
How to Test a Mitigation
191(1)
Penetration Testing
191(1)
Checking Code You Acquire
192(3)
Constructing a Software Model
193(1)
Using the Software Model
194(1)
QA'ing Threat Modeling
195(2)
Model/Reality Conformance
195(1)
Task and Process Completion
196(1)
Bug Checking
196(1)
Process Aspects of Addressing Threats
197(1)
Threat Modeling Empowers Testing; Testing Empowers Threat Modeling
197(1)
Validation/Transformation
197(1)
Document Assumptions as You Go
198(1)
Tables and Lists
198(4)
Summary
202(1)
Chapter 11 Threat Modeling Tools
203(12)
Generally Useful Tools
204(2)
Whiteboards
204(1)
Office Suites
204(1)
Bug-Tracking Systems
204(2)
Open-Source Tools
206(2)
TRIKE
206(1)
SeaMonster
206(1)
Elevation of Privilege
206(2)
Commercial Tools
208(5)
ThreatModeler
208(1)
Corporate Threat Modeller
208(1)
SecurITree
209(1)
Little-JIL
209(1)
Microsoft's SDL Threat Modeling Tool
209(4)
Tools That Don't Exist Yet
213(1)
Summary
213(2)
Part IV Threat Modeling in Technologies and Tricky Areas 215(138)
Chapter 12 Requirements Cookbook
217(26)
Why a "Cookbook"?
218(1)
The Interplay of Requirements, Threats, and Mitigations
219(1)
Business Requirements
220(1)
Outshining the Competition
220(1)
Industry Requirements
220(1)
Scenario-Driven Requirements
221(1)
Prevent/Detect/Respond as a Frame for Requirements
221(6)
Prevention
221(4)
Detection
225(1)
Response
225(2)
People/Process/Technology as a Frame for Requirements
227(1)
People
227(1)
Process
228(1)
Technology
228(1)
Development Requirements vs. Acquisition Requirements
228(1)
Compliance-Driven Requirements
229(2)
Cloud Security Alliance
229(1)
NIST Publication 200
230(1)
PCI-DSS
231(1)
Privacy Requirements
231(3)
Fair Information Practices
232(1)
Privacy by Design
232(1)
The Seven Laws of Identity
233(1)
Microsoft Privacy Standards for Development
234(1)
The STRIDE Requirements
234(6)
Authentication
235(1)
Integrity
236(1)
Non-Repudiation
237(1)
Confidentiality
238(1)
Availability
238(1)
Authorization
239(1)
Non-Requirements
240(2)
Operational Non-Requirements
240(1)
Warnings and Prompts
241(1)
Microsoft's "10 Immutable Laws"
241(1)
Summary
242(1)
Chapter 13 Web and Cloud Threats
243(10)
Web Threats
243(3)
Website Threats
244(1)
Web Browser and Plugin Threats
244(2)
Cloud Tenant Threats
246(3)
Insider Threats
246(1)
Co-Tenant Threats
247(1)
Threats to Compliance
247(1)
Legal Threats
248(1)
Threats to Forensic Response
248(1)
Miscellaneous Threats
248(1)
Cloud Provider Threats
249(1)
Threats Directly from Tenants
249(1)
Threats Caused by Tenant Behavior
250(1)
Mobile Threats
250(1)
Summary
251(2)
Chapter 14 Accounts and Identity
253(40)
Account Life Cycles
254(5)
Account Creation
254(3)
Account Maintenance
257(1)
Account Termination
258(1)
Account Life-Cycle Checklist
258(1)
Authentication
259(23)
Login
260(2)
Login Failures
262(1)
Threats to "What You Have"
263(1)
Threats to "What You Are"
264(3)
Threats to "What You Know"
267(4)
Authentication Checklist
271(1)
Account Recovery
271(1)
Time and Account Recovery
272(1)
E-mail for Account Recovery
273(1)
Knowledge-Based Authentication
274(4)
Social Authentication
278(2)
Attacker-Driven Analysis of Account Recovery
280(1)
Multi-Channel Authentication
281(1)
Account Recovery Checklist
281(1)
Names, IDs, and SSNs
282(8)
Names
282(3)
Identity Documents
285(1)
Social Security Numbers and Other National Identity Numbers
286(3)
Identity Theft
289(1)
Names, IDs, and SSNs Checklist
290(1)
Summary
290(3)
Chapter 15 Human Factors and Usability
293(40)
Models of People
294(10)
Applying Behaviorist Models of People
295(2)
Cognitive Science Models of People
297(5)
Heuristic Models of People
302(2)
Models of Software Scenarios
304(7)
Modeling the Software
304(3)
Diagramming for Modeling the Software
307(2)
Modeling Electronic Social Engineering Attacks
309(2)
Threat Elicitation Techniques
311(5)
Brainstorming
311(1)
The Ceremony Approach to Threat Modeling
311(1)
Ceremony Analysis Heuristics
312(3)
Integrating Usability into the Four-Stage Framework
315(1)
Tools and Techniques for Addressing Human Factors
316(6)
Myths That Inhibit Human Factors Work
317(1)
Design Patterns for Good Decisions
317(3)
Design Patterns for a Kind Learning Environment
320(2)
User Interface Tools and Techniques
322(5)
Configuration
322(1)
Explicit Warnings
323(2)
Patterns That Grab Attention
325(2)
Testing for Human Factors
327(2)
Benign and Malicious Scenarios
328(1)
Ecological Validity
328(1)
Perspective on Usability and Ceremonies
329(2)
Summary
331(2)
Chapter 16 Threats to Cryptosystems
333(20)
Cryptographic Primitives
334(7)
Basic Primitives
334(5)
Privacy Primitives
339(1)
Modern Cryptographic Primitives
339(2)
Classic Threat Actors
341(1)
Attacks against Cryptosystems
342(4)
Building with Crypto
346(2)
Making Choices
346(1)
Preparing for Upgrades
346(1)
Key Management
346(2)
Authenticating before Decrypting
348(1)
Things to Remember about Crypto
348(1)
Use a Cryptosystem Designed by Professionals
348(1)
Use Cryptographic Code Built and Tested by Professionals
348(1)
Cryptography Is Not Magic Security Dust
349(1)
Assume It Will All Become Public
349(1)
You Still Need to Manage Keys
349(1)
Secret Systems: Kerckhoffs and His Principles
349(2)
Summary
351(2)
Part V Taking It to the Next Level 353(68)
Chapter 17 Bringing Threat Modeling to Your Organization
355(30)
How To Introduce Threat Modeling
356(3)
Convincing Individual Contributors
357(1)
Convincing Management
358(1)
Who Does What?
359(8)
Threat Modeling and Project Management
359(1)
Prerequisites
360(1)
Deliverables
360(2)
Individual Roles and Responsibilities
362(1)
Group Interaction
363(4)
Diversity in Threat Modeling Teams
367(1)
Threat Modeling within a Development Life Cycle
367(12)
Development Process Issues
368(5)
Organizational Issues
373(5)
Customizing a Process for Your Organization
378(1)
Overcoming Objections to Threat Modeling
379(4)
Resource Objections
379(1)
Value Objections
380(1)
Objections to the Plan
381(2)
Summary
383(2)
Chapter 18 Experimental Approaches
385(22)
Looking in the Seams
386(1)
Operational Threat Models
387(5)
FlipIT
388(1)
Kill Chains
388(4)
The "Broad Street" Taxonomy
392(6)
Adversarial Machine Learning
398(1)
Threat Modeling a Business
399(1)
Threats to Threat Modeling Approaches
400(4)
Dangerous Deliverables
400(1)
Enumerate All Assumptions
400(2)
Dangerous Approaches
402(2)
How to Experiment
404(1)
Define a Problem
404(1)
Find Aspects to Measure and Measure Them
404(1)
Study Your Results
405(1)
Summary
405(2)
Chapter 19 Architecting for Success
407(14)
Understanding Flow
407(6)
Flow and Threat Modeling
409(2)
Stymieing People
411(1)
Beware of Cognitive Load
411(1)
Avoid Creator Blindness
412(1)
Assets and Attackers
412(1)
Knowing the Participants
413(1)
Boundary Objects
414(1)
The Best Is the Enemy of the Good
415(1)
Closing Perspectives
416(3)
"The Threat Model Has Changed"
417(1)
On Artistry
418(1)
Summary
419(2)
Now Threat Model
420(1)
Appendix A Helpful Tools 421(8)
Common Answers to "What's Your Threat Model?"
421(8)
Network Attackers
421(1)
Physical Attackers
422(1)
Attacks against People
423(1)
Supply Chain Attackers
423(1)
Privacy Attackers
424(1)
Non-Sentient "Attackers"
424(1)
The Internet Threat Model
424(1)
Assets
425(1)
Computers as Assets
425(1)
People as Assets
426(1)
Processes as Assets
426(1)
Intangible Assets
427(1)
Stepping-Stone Assets
427(2)
Appendix B Threat Trees 429(48)
STRIDE Threat Trees
430(40)
Spoofing an External Entity (Client/Person/Account)
432(6)
Spoofing a Process
438(1)
Spoofing of a Data Flow
439(3)
Tampering with a Process
442(2)
Tampering with a Data Flow
444(2)
Tampering with a Data Store
446(4)
Repudiation against a Process (or by an External Entity)
450(2)
Repudiation, Data Store
452(2)
Information Disclosure from a Process
454(2)
Information Disclosure from a Data Flow
456(3)
Information Disclosure from a Data Store
459(3)
Denial of Service against a Process
462(1)
Denial of Service against a Data Flow
463(3)
Denial of Service against a Data Store
466(2)
Elevation of Privilege against a Process
468(2)
Other Threat Trees
470(7)
Running Code
471(3)
Attack via a "Social" Program
474(2)
Attack with Tricky Filenames
476(1)
Appendix C Attacker Lists 477(24)
Attacker Lists
478(2)
Barnard's List
478(1)
Verizon's Lists
478(1)
OWASP
478(1)
Intel TARA
479(1)
Personas and Archetypes
480(1)
Aucsmith's Attacker Personas
481(1)
Background and Definitions
481(3)
Personas
484(17)
David "NeOphyate" Bradley - Vandal
484(2)
JoLynn "NightLily" Dobney - Trespasser
486(2)
Sean "Keech" Purcell - Defacer
488(2)
Bryan "CrossFyre" Walton - Author
490(2)
Lorrin Smith-Bates - Insider
492(2)
Douglas Hite - Thief
494(2)
Mr. Smith - Terrorist
496(2)
Mr. Jones - Spy
498(3)
Appendix D Elevation of Privilege: The Cards 501(10)
Spoofing
501(2)
Tampering
503(1)
Repudiation
504(2)
Information Disclosure
506(1)
Denial of Service
507(1)
Elevation of Privilege (EoP)
508(3)
Appendix E Case Studies 511(22)
The Acme Database
512(7)
Security Requirements
512(1)
Software Model
512(1)
Threats and Mitigations
513(6)
Acme's Operational Network
519(6)
Security Requirements
519(1)
Operational Network
520(1)
Threats to the Network
521(4)
Phones and One-Time Token Authenticators
525(3)
The Scenario
526(1)
The Threats
527(1)
Possible Redesigns
528(1)
Sample for You to Model
528(5)
Background
529(1)
The iNTegrity Data Flow Diagrams
530(1)
Exercises
531(2)
Glossary 533(10)
Bibliography 543(24)
Index 567
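As an added illustration (not code from the book or from its author), the following Python sketch applies the STRIDE-per-element chart listed under Chapter 3 above to a small data-flow model with trust boundaries (Chapter 2), and runs two of the diagram sanity checks in the spirit of "Validating Diagrams". The element names, trust zones and flows are constructed for the example; the chart rows follow Microsoft's published SDL STRIDE-per-element table, with repudiation added for data stores that hold logs.

```python
"""STRIDE-per-element over a small data-flow diagram (DFD).

Added illustration, not the book's code. The sample model (a browser, a
login API, a user database and an audit log) is constructed here.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element chart (Microsoft SDL): which categories apply to which
# DFD element kind. Data stores additionally get "R" when they hold logs.
PER_ELEMENT: Dict[str, str] = {
    "external": "SR",
    "process": "STRIDE",
    "flow": "TID",
    "store": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str            # "external", "process" or "store"
    boundary: str        # trust zone the element lives in
    holds_logs: bool = False


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str


@dataclass
class Model:
    elements: Dict[str, Element] = field(default_factory=dict)
    flows: List[Flow] = field(default_factory=list)

    def add(self, e: Element) -> None:
        self.elements[e.name] = e

    def connect(self, name: str, src: str, dst: str) -> None:
        self.flows.append(Flow(name, src, dst))

    def crosses_boundary(self, f: Flow) -> bool:
        # Flows between trust zones are where the interesting threats sit.
        return self.elements[f.src].boundary != self.elements[f.dst].boundary

    def validate(self) -> List[str]:
        """Diagram checks: a process needs data in and out, and data should
        not move store-to-store or entity-to-store without a process."""
        problems: List[str] = []
        for f in self.flows:
            kinds = (self.elements[f.src].kind, self.elements[f.dst].kind)
            if "process" not in kinds:
                problems.append(f"flow '{f.name}' ({f.src}->{f.dst}) bypasses any process")
        for e in self.elements.values():
            if e.kind != "process":
                continue
            if not any(f.dst == e.name for f in self.flows):
                problems.append(f"process '{e.name}' has no input flow")
            if not any(f.src == e.name for f in self.flows):
                problems.append(f"process '{e.name}' has no output flow")
        return problems

    def threats(self) -> List[Tuple[str, str, str]]:
        """One (element, letter, description) row per applicable category."""
        rows: List[Tuple[str, str, str]] = []
        for e in self.elements.values():
            letters = PER_ELEMENT[e.kind]
            if e.kind == "store" and e.holds_logs:
                letters += "R"          # attacking the logs enables repudiation
            for c in letters:
                rows.append((e.name, c, STRIDE[c]))
        for f in self.flows:
            note = " (crosses trust boundary)" if self.crosses_boundary(f) else ""
            for c in PER_ELEMENT["flow"]:
                rows.append((f"{f.name} [{f.src}->{f.dst}]", c, STRIDE[c] + note))
        return rows


def build_sample() -> Model:
    """Constructed sample model; names and trust zones are made up."""
    m = Model()
    m.add(Element("browser", "external", "internet"))
    m.add(Element("api", "process", "backend"))
    m.add(Element("userdb", "store", "backend"))
    m.add(Element("auditlog", "store", "backend", holds_logs=True))
    m.connect("login request", "browser", "api")
    m.connect("login response", "api", "browser")
    m.connect("credential lookup", "api", "userdb")
    m.connect("lookup result", "userdb", "api")
    m.connect("audit write", "api", "auditlog")
    return m


if __name__ == "__main__":
    model = build_sample()
    print("diagram checks:", model.validate() or "ok")
    for elem, letter, desc in model.threats():
        print(f"{letter}  {elem:45s} {desc}")
```

The enumeration is deliberately mechanical: it produces the list of things to think about, not the threats themselves. The value comes from walking each row and deciding whether it is mitigated, accepted, or a bug to file, which is the process Part III of the book covers; the boundary note is there because the book's advice is to look hardest at flows that cross a trust boundary.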
Adam Shostack is a principal program manager on Microsoft's Trustworthy Computing team. He helped found the CVE, the Privacy Enhancing Technologies Symposium, and the International Financial Cryptography Association. His experience shipping products (at both Microsoft and tiny startups) and managing operational security ensures that the advice in this book is grounded in real experience.