Book Image

Threat Modeling

By : Adam Shostack
Book Image

Threat Modeling

By: Adam Shostack

Overview of this book

As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is critical. This book will give you the confidence to design secure software products and systems and test their designs against threats. This book is the only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier?s Secrets and Lies and Applied Cryptography! The book starts with an introduction to threat modeling and focuses on the key new skills that you'll need to threat model and lays out a methodology that's designed for people who are new to threat modeling. Next, you?ll explore approaches to find threats and study the advantages and disadvantages of each approach. Moving ahead, you?ll manage threats and learn about the activities involved in threat modeling. You?ll also focus on threat modeling of specific technologies and find out tricky areas and learn to address them. Towards the end, you?ll shift your attention to the future of threat modeling and its approaches in your organization. By the end of this book, you?ll be able to use threat modeling in the security development lifecycle and in the overall software and systems design processes.
Table of Contents (15 chapters)
Free Chapter
End User License Agreement

The Acme Database

The Acme database is a software product designed to be run on-premises by organizations of all sizes. The currently shipping version is 3.1, and this is the team's first threat model. They have chosen to model what they have and then determine how each new feature interacts with this model as part of the same process in which they do performance and reliability analysis. This modeling is inspired by a series of recent design flaws that affected company revenue. The output of this modeling would be a clear list of bugs and action items. Because the important take-away from this appendix is not the bugs or action items, but the approach that finds them in your software or system, the bug list is not provided as a list.

Security Requirements

Acme has formalized security requirements for the first time. Those requirements are as follows:

  • The product is no less secure than the typical competitor (Acme's software is currently very insecure, and as such, stronger...