Book Image

Threat Modeling

By : Adam Shostack
Book Image

Threat Modeling

By: Adam Shostack

Overview of this book

As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is critical. This book will give you the confidence to design secure software products and systems and test their designs against threats. This book is the only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier?s Secrets and Lies and Applied Cryptography! The book starts with an introduction to threat modeling and focuses on the key new skills that you'll need to threat model and lays out a methodology that's designed for people who are new to threat modeling. Next, you?ll explore approaches to find threats and study the advantages and disadvantages of each approach. Moving ahead, you?ll manage threats and learn about the activities involved in threat modeling. You?ll also focus on threat modeling of specific technologies and find out tricky areas and learn to address them. Towards the end, you?ll shift your attention to the future of threat modeling and its approaches in your organization. By the end of this book, you?ll be able to use threat modeling in the security development lifecycle and in the overall software and systems design processes.
Table of Contents (15 chapters)
Free Chapter
1
Cover
7
Glossary
8
Bibliography
10
End User License Agreement

Appendix B

Threat Trees

These threat trees are worked-through analyses, intended to act as both models and resources. Each tree is presented twice, first as a graphical tree and then as a textual one. The versions contain the same data, but different people will find one or the other more usable. The labels in the trees are, by necessity, shorthand for a longer attack description. The labels are intended to be evocative for those experienced with these trees. Toward this goal, some nodes have a label and a quoted tag, such as “phishing.” Not all nodes are easily tagged with a word or an acronym. The trees in this appendix are OR trees, where success in any node leads to success in the goal node. The rare exceptions are noted in the text and diagrams.

This appendix has three sections: The main body is a set of 15 STRIDE threat trees. That is followed by three trees for running code on a server, a client, or a mobile device, as those are common attacker targets. The last...