Risk Centric Threat Modeling Process for Attack Simulation and Threat Analysis,9780470500965

Risk Centric Threat Modeling Process for Attack Simulation and Threat Analysis

by ;
Edition: 1st
ISBN13: 9780470500965
ISBN10: 0470500964
Format: Hardcover
Pub. Date: 2015-05-26
Publisher(s): Wiley
  • Free Shipping Icon

    This Item Qualifies for Free Shipping!*

    *Excludes marketplace orders.

List Price: $135.46

Buy New

Arriving Soon. Will ship when available.
$129.01
Add to Cart

Rent Textbook

Select for Price
Add to Cart
There was a problem. Please try again later.

Rent Digital

Rent Digital Options
Online:1825 Days access
Downloadable:Lifetime Access
$116.40
$116.40
Add to Cart

Used Textbook

We're Sorry
Sold Out

Buy from our Marketplace starting at $56.65

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

This book educates readers on how to apply application threat modeling as a more advanced preventive form of security, describing countermeasures to security threats. This book covers the most up-to-date methodologies, tools, and case studies of successful application threat modeling techniques. It gives testimonies on what ingredients and steps contribute to an effective use of the proposed application threat modeling methodologies. This is highly sought-after in a time when application security extends beyond Web 2.0 and affects various industries beyond online retail, including (but not limited to) government, finance, ERP, and even newer application models such as SaaS (Software as a Service).

Author Biography

Tony UcedaVélez is CEO at VerSprite, an Atlanta based security services firm assisting global MNCs on various areas of cyber security, secure software development, threat modeling and security risk management. Tony has worked and led teams in the areas of application security, penetration testing, security architecture, and technical risk management for various organizations in Utility, Banking, Government, Retail, Healthcare, and Information Services.

Marco M Morana serves as Senior Vice President-Application Security Architect for CitiGroup, where he is responsible for managing the architecture risk analysis and threat modeling program globally and leads global initiatives to mitigate risks of emerging cyber-threats targeting web applications of institutional clients. Marco has designed and developed business critical security software products for several Fortune 500 companies, and also for NASA.  

 

Table of Contents

Foreword ix

Preface xv

List of Figures xvii

List of Tables xxiii

1 Threat Modeling Overview 1

Definitions 1

Origins and Use 3

Summary 8

Rationale and Evolution of Security Analysis 9

Summary 19

Building A Better Risk Model 19

Summary 31

Threat Anatomy 33

Summary 48

Crowdsourcing Risk Analytics 48

2 Objectives and Benefits of Threat Modeling 63

Defining a Risk Mitigation Strategy 63

Improving Application Security 82

Building Security in the Software Development Life Cycle 92

Identifying Application Vulnerabilities and Design Flaws 104

Analyzing Application Security Risks 118

3 Existing Threat Modeling Approaches 137

Security Software Risk-Based Variants 137

4 Threat Modeling Within the SDLC 195

Building Security in SDLC with Threat Modeling 195

Integrating Threat Modeling Within The Different Types of SDLCs 205

5 Threat Modeling and Risk Management 235

Data Breach Incidents and Lessons for Risk Management 235

Threats and Risk Analysis 259

Risk-Based Threat Modeling 282

Threat Modeling in Information Security and Risk

Management Processes 289

Threat Modeling Within Security Incident Response Processes 306

6 Intro to PASTA 317

Risk-Centric Threat Modeling 317

7 Diving Deeper into PASTA 343

Exploring the Seven Stages and Embedded Threat Modeling Activities 343

Chapter Summary 478

8 PASTA Use Case 479

PASTA Use Case Example Walk-Through 479

Glossary 633

References 653

Index 657

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.