Part IV
Threat Modeling in Technologies and Tricky Areas
Part IV is where this book moves away from threat modeling as a generic approach, and focuses on threat modeling of specific technologies and tricky areas. In other words, this part moves from a focus on technique to a focus on the repertoire you'll need to address these tricky areas.
All of these technologies and areas (except requirements) share three properties that make it worth discussing them in depth:
- Systems will have similar threats.
- Those threats and the approaches to mitigating them have been extensively worked through, so there's no need to start from scratch.
- Naïve mitigations fall victim to worked-through attacks. Therefore, you can abstract what's been done in these areas into models, and you can learn the current practical state of the art in handling each.
The following chapters are included in this part:
- Chapter 12: Requirements Cookbook lays out a set of security requirements so that you...