Threat Modeling: Designing for Security
About
If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems — from the very beginning.
- Find and fix security issues before they hurt you or your customers
- Learn to use practical and actionable tools, techniques, and approaches for software developers, IT professionals, and security enthusiasts
- Explore the nuances of software-centric threat modeling and discover its application to software and systems during the build phase and beyond
- Apply threat modeling to improve security when managing complex systems (or even simple ones!)
- Manage potential threats using a structured, methodical framework
- Discover and discern evolving security threats
- Use specific, actionable advice regardless of software type, operating system, or program approaches and techniques validated and proven to be effective at Microsoft and other top IT companies
Threat Modeling: Designing for Security is full of actionable, tested advice for software developers, systems architects and managers, and security professionals. From the very first chapter, it teaches the reader how to threat model. That is, how to use models to predict and prevent problems, even before you've started coding.
Threat Modeling: Designing for Security is jargon-free, accessible, and provides proven frameworks that are designed to integrate into real projects that need to ship on tight schedules. You can get value from threat model all sorts of things, even as simple as a contact us page (and see that page for that threat model.)
Errata > >Sample Chapters
- You can read the opening pages of the book via via Amazon's Look Inside, or via Google Preview
- You can see the Table of Contents here or via the previews.
Resources
Threat modeling: We have lots of threat modeling resources here.
Professors: Wiley maintains a instructor companion site for threat modeling including a one hour presentation, and a syllabus and presentations for a 13 week course, a set of quizzes, and other material to help you effectively teach threat modeling. You can also request online access for evaluation. Wiley will also provide copies for educators considering using the book as a textbook. Please use Wiley's textbook request form to purchase Educator copies.
Available as 威胁建模:设计和交付更安全的软件
如果你是一名软件开发人员、系统管理人员或者安全专业人员,《威胁建模(设计和交付更安全的软件)》将告诉你在安全开发软件的生命周期中或者软件和系统总体设计的过程中如何使用威胁建模方法。 (In other words, there was a Chinese edition, available at Amazon.cn.)