Synopses & Reviews
In this straightforward and practical guide, Microsoft® application security specialists Frank Swiderski and Window Snyder describe the concepts and goals for threat modeling—a structured approach for identifying, evaluating, and mitigating risks to system security. Discover how to use the threat modeling methodology to analyze your system from the adversarys point of view—creating a set of data points that help drive security specifications and testing. Youll review application scenarios that illustrate threat modeling concepts in action, understanding how to use threat modeling to help improve the built-in security of a system—as well as your customer's confidence in the security of that system—regardless of development environment.
Gain an in-depth, conceptual understanding—along with practical ways to integrate threat modeling into your development efforts:
- Help anticipate attacks by seeing how adversaries assess your system—and compare their view to the developers or architects view
- Employ a data flow approach to create a threat profile for a system
- Reveal vulnerabilities in system architecture and implementation using investigative techniques such as threat trees and threat model-directed code reviews
- Develop a credible security characterization for modeling threats
- Use threat modeling to help verify security features and increase the resilience of software systems
- Increase customer confidence in your products!
Synopsis
Delve into the threat modeling methodology used by Microsoft's] security experts to identify security risks, verify an application's security architecture, and develop countermeasures in the design, coding, and testing phases. (Computer Books)
Synopsis
Threat modeling has become one of the top security analysis methodologies that Microsoft's developers use to identify risks and make better design, coding, and testing decisions. This book provides a clear, concise explanation of the threat-modeling process, describing a structured approach you can use to assess the security vulnerabilities for any application, regardless of platform. Software designers and developers discover how to use threat modeling during the specification phase of a new project or a major revision-from verifying application architecture to identifying and evaluating threats and designing countermeasures. Test engineers discover how to apply threat-modeling principles when creating test plans to verify results. It's the essential, high-level reference for software professionals responsible for designing, refining, and maximizing the security features in their application architecture.
About the Author
Frank Swiderski is a Software Security Engineer at Microsoft® and is responsible for helping Microsoft product teams evaluate the impact of threats to their product or component. He has specialized in application security for several years, including serving as a managing security architect for @stake, a leading digital security consulting firm.
Window Snyder is a program manager for the Microsoft® Secure Windows® Initiative Team. She is the former director of Security Architecture for @stake, and has dedicated eight years to the security industry as a consultant and as a software engineer.
Table of Contents
Reviewer Acclaim for Frank Swiderski, Window Snyder, and Threat Modeling Introduction Support Part I: Application Security Chapter 1: Introduction to Application Security Chapter 2: Why Threat Modeling? Part II: Understanding Threat Modeling Chapter 3: How an Adversary Sees an Application Chapter 4: Constraining and Modeling the Application Chapter 5: The Threat Profile Part III: Using Threat Modeling Effectively Chapter 6: Choosing What to Model Chapter 7: Testing Based on a Threat Model Chapter 8: Making Threat Modeling Work Part IV: Sample Threat Models Appendix A: Fabrikam Phone 1.0 Appendix B: Humongous Insurance Price Quote Website Appendix C: A. Datum Access Control API Appendix : About the Authors