Imperial Library

Index
  • Foreword
  • Preface
      • Why We Wrote This Book
      • Who This Book Is For
      • What Is (and Isn’t!) in This Book
      • These Techniques Apply Across Various Systems
      • Your Contribution Matters
      • Conventions Used in This Book
      • O’Reilly Online Learning
      • How to Contact Us
      • Acknowledgments
  • Introduction
      • The Basics of Threat Modeling
          • What Is Threat Modeling?
          • Why You Need Threat Modeling
          • Obstacles
          • Threat Modeling in the System Development Life Cycle
      • Essential Security Principles
          • Basic Concepts and Terminology
          • Calculating Severity or Risk
          • Core Properties
          • Fundamental Controls
          • Basic Design Patterns for Secure Systems
      • Summary
  • 1. Modeling Systems
      • Why We Create System Models
      • System Modeling Types
          • Data Flow Diagrams
          • Sequence Diagrams
          • Process Flow Diagrams
          • Attack Trees
          • Fishbone Diagrams
      • How to Build System Models
      • What Does a Good System Model Look Like?
      • Summary
  • 2. A Generalized Approach to Threat Modeling
      • Basic Steps
      • What You Are Looking for in a System Model
          • The Usual Suspects
          • What You Should Not Expect to Discover
      • Threat Intelligence Gathering
      • Summary
  • 3. Threat Modeling Methodologies
      • Before We Go Too Deep…
      • Looking Through Filters, Angles, and Prisms
      • To the Methodologies, at Last!
          • STRIDE
          • STRIDE per Element
          • STRIDE per Interaction
          • Process for Attack Simulation and Threat Analysis
          • Threat Assessment and Remediation Analysis
          • Trike
      • Specialized Methodologies
          • LINDDUN
          • Madness? This Is SPARTA!
          • INCLUDES NO DIRT
      • Shall We Play a Game?
          • Game: Elevation of Privilege
          • Game: Elevation of Privilege and Privacy
          • Game: OWASP Cornucopia
          • Game: Security and Privacy Threat Discovery Cards
          • Game: LINDDUN GO
      • Summary
  • 4. Automated Threat Modeling
      • Why Automate Threat Modeling?
      • Threat Modeling from Code
          • How It Works
      • Threat Modeling with Code
          • How It Works
          • pytm
          • Threagile
      • An Overview of Other Threat Modeling Tools
          • IriusRisk
          • SD Elements
          • ThreatModeler
          • OWASP Threat Dragon
          • Microsoft Threat Modeling Tool
          • CAIRIS
          • Mozilla SeaSponge
          • Tutamen Threat Model Automator
      • Threat Modeling with ML and AI
      • Summary
  • 5. Continuous Threat Modeling
      • Why Continuous Threat Modeling?
      • The Continuous Threat Modeling Methodology
      • Evolutionary: Getting Better All the Time
      • The Autodesk Continuous Threat Modeling Methodology
          • Baselining
          • Baseline Analysis
          • When Do You Know You Did Enough?
          • Threat Model Every Story
          • Findings from the Field
      • Summary
  • 6. Own Your Role as a Threat Modeling Champion
      • How Do I Get Leadership On-Board with Threat Modeling?
      • How Do I Overcome Resistance from the Rest of the Product Team?
      • How Do We Overcome the Sense of (or Actual) Failure at Threat Modeling?
      • How Should I Choose a Threat Modeling Methodology from Many Similar Approaches?
      • How Should I Deliver “the Bad News”?
      • What Actions Should I Take for Accepted Findings?
      • Did I Miss Something?
      • Summary and Closing
      • Further Reading
  • A. A Worked Example
      • High-Level Process Steps
      • Approaching Your First System Model
      • Leading a Threat Modeling Exercise
      • A Sample Exercise: Creating a System Model
          • Identifying Components, Flows, and Assets
          • Identifying System Weaknesses and Vulnerabilities
          • Identifying Threats
          • Determining Exploitability
          • Wrapping Things Up
  • Index