Imperial Library
Index
  • Cover
  • Table of Contents
Part I: Getting Started
Chapter 1: Dive In and Threat Model!
  • Learning to Threat Model
  • Threat Modeling on Your Own
  • Checklists for Diving In and Threat Modeling
  • Summary
Chapter 2: Strategies for Threat Modeling
  • “What's Your Threat Model?”
  • Brainstorming Your Threats
  • Structured Approaches to Threat Modeling
  • Models of Software
  • Summary
Part II: Finding Threats
Chapter 3: STRIDE
  • Understanding STRIDE and Why It's Useful
  • Spoofing Threats
  • Tampering Threats
  • Repudiation Threats
  • Information Disclosure Threats
  • Denial-of-Service Threats
  • Elevation of Privilege Threats
  • Extended Example: STRIDE Threats against Acme-DB
  • STRIDE Variants
  • Exit Criteria
  • Summary
Chapter 4: Attack Trees
  • Working with Attack Trees
  • Representing a Tree
  • Example Attack Tree
  • Real Attack Trees
  • Perspective on Attack Trees
  • Summary
Chapter 5: Attack Libraries
  • Properties of Attack Libraries
  • CAPEC
  • OWASP Top Ten
  • Summary
Chapter 6: Privacy Tools
  • Solove's Taxonomy of Privacy
  • Privacy Considerations for Internet Protocols
  • Privacy Impact Assessments (PIA)
  • The Nymity Slider and the Privacy Ratchet
  • Contextual Integrity
  • LINDDUN
  • Summary
Part III: Managing and Addressing Threats
Chapter 7: Processing and Managing Threats
  • Starting the Threat Modeling Project
  • Digging Deeper into Mitigations
  • Tracking with Tables and Lists
  • Scenario-Specific Elements of Threat Modeling
  • Summary
Chapter 8: Defensive Tactics and Technologies
  • Tactics and Technologies for Mitigating Threats
  • Addressing Threats with Patterns
  • Mitigating Privacy Threats
  • Summary
Chapter 9: Trade-Offs When Addressing Threats
  • Classic Strategies for Risk Management
  • Selecting Mitigations for Risk Management
  • Threat-Specific Prioritization Approaches
  • Mitigation via Risk Acceptance
  • Arms Races in Mitigation Strategies
  • Summary
Chapter 10: Validating That Threats Are Addressed
  • Testing Threat Mitigations
  • Checking Code You Acquire
  • QA'ing Threat Modeling
  • Process Aspects of Addressing Threats
  • Tables and Lists
  • Summary
Chapter 11: Threat Modeling Tools
  • Generally Useful Tools
  • Open-Source Tools
  • Commercial Tools
  • Tools That Don't Exist Yet
  • Summary
Part IV: Threat Modeling in Technologies and Tricky Areas
Chapter 12: Requirements Cookbook
  • Why a “Cookbook”?
  • The Interplay of Requirements, Threats, and Mitigations
  • Business Requirements
  • Prevent/Detect/Respond as a Frame for Requirements
  • People/Process/Technology as a Frame for Requirements
  • Development Requirements vs. Acquisition Requirements
  • Compliance-Driven Requirements
  • Privacy Requirements
  • The STRIDE Requirements
  • Non-Requirements
  • Summary
Chapter 13: Web and Cloud Threats
  • Web Threats
  • Cloud Tenant Threats
  • Cloud Provider Threats
  • Mobile Threats
  • Summary
Chapter 14: Accounts and Identity
  • Account Life Cycles
  • Authentication
  • Account Recovery
  • Names, IDs, and SSNs
  • Summary
Chapter 15: Human Factors and Usability
  • Models of People
  • Models of Software Scenarios
  • Threat Elicitation Techniques
  • Tools and Techniques for Addressing Human Factors
  • User Interface Tools and Techniques
  • Testing for Human Factors
  • Perspective on Usability and Ceremonies
  • Summary
Chapter 16: Threats to Cryptosystems
  • Cryptographic Primitives
  • Classic Threat Actors
  • Attacks Against Cryptosystems
  • Building with Crypto
  • Things to Remember About Crypto
  • Secret Systems: Kerckhoffs and His Principles
  • Summary
Part IV: Threat Modeling in Technologies and Tricky Areas
Chapter 17: Bringing Threat Modeling to Your Organization
  • How To Introduce Threat Modeling
  • Who Does What?
  • Threat Modeling within a Development Life Cycle
  • Overcoming Objections to Threat Modeling
  • Summary
Chapter 18: Experimental Approaches
  • Looking in the Seams
  • Operational Threat Models
  • The “Broad Street” Taxonomy
  • Adversarial Machine Learning
  • Threat Modeling a Business
  • Threats to Threat Modeling Approaches
  • How to Experiment
  • Summary
Chapter 19: Architecting for Success
  • Understanding Flow
  • Knowing the Participants
  • Boundary Objects
  • The Best Is the Enemy of the Good
  • Closing Perspectives
  • Summary
Appendix A: Helpful Tools
  • Common Answers to “What's Your Threat Model?”
  • Assets
Appendix B: Threat Trees
  • STRIDE Threat Trees
  • Other Threat Trees
Appendix C: Attacker Lists
  • Attacker Lists
  • Personas and Archetypes
  • Aucsmith's Attacker Personas
  • Background and Definitions
  • Personas
Appendix D: Elevation of Privilege: The Cards
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege (EoP)
Appendix E: Case Studies
  • The Acme Database
  • Acme's Operational Network
  • Phones and One-Time Token Authenticators
  • Sample for You to Model
Glossary
Bibliography
Introduction
  • What Is Threat Modeling?
  • Reasons to Threat Model
  • Who Should Read This Book?
  • What You Will Gain from This Book
  • How To Use This Book
  • New Lessons on Threat Modeling
End User License Agreement