Supplemental for Threat Modeling: Designing for Security


Table of Contents for Threat Modeling: Designing for Security

Part I: Getting Started

  1.   Dive in and Threat Model
  2.   Strategies for Threat Modeling

Part II: Finding Threats

  1.   STRIDE
  2.   Attack Trees
  3.   Attack Libraries
  4.   Privacy Tools

Part III: Managing and Addressing Threats

  1.   Processing and Managing Threats
  2.   Defensive Tactics and Technologies
  3.   Trade-Offs When Addressing Threats
  4.   Validating That Threats Are Addressed
  5.   Threat Modeling Tools

Part IV: Threat Modeling in Technologies and Tricky Areas

  1.   Requirements Cookbook
  2.   Web and Cloud Threats
  3.   Accounts and Identity
  4.   Human Factors and Usability
  5.   Threats to Cryptosystems

Part V: Taking It to the Next Level

  1.   Bringing Threat Modeling to Your Organization
  2.   Experimental Approaches
  3.   Architecting for Success


  1.   Helpful Tools
  2.   Threat Trees
  3.   Attacker Lists
  4.   Elevation of Privilege : The Cards
  5.   Case Studies

Errata for Threat Modeling: Designing for Security

Errata last updated: June 25, 2018