did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

9780735619913

Threat Modeling

by ;
  • ISBN13:

    9780735619913

  • ISBN10:

    0735619913

  • Format: Paperback
  • Copyright: 2004-07-14
  • Publisher: Lightning Source Inc
  • Purchase Benefits
  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Write a Review Icon Write a Review
List Price: $34.99

Summary

In this straightforward and practical guide, Microsoft application security specialists Frank Swiderski and Window Snyder describe the concepts and goals for threat modelinga structured approach for identifying, evaluating, and mitigating risks to system security. Discover how to use the threat modeling methodology to analyze your system from the adversary's point of viewcreating a set of data points that help drive security specifications and testing. You'll review application scenarios that illustrate threat modeling concepts in action, understanding how to use threat modeling to help improve the built-in security of a systemas well as your customer's confidence in the security of that systemregardless of development environment.Gain an in-depth, conceptual understandingalong with practical ways to integrate threat modeling into your development efforts: Help anticipate attacks by seeing how adversaries assess your systemand compare their view to the developer's or architect's view Employ a data flow approach to create a threat profile for a system Reveal vulnerabilities in system architecture and implementation using investigative techniques such as threat trees and threat model-directed code reviews Develop a credible security characterization for modeling threats Use threat modeling to help verify security features and increase the resilience of software systems Increase customer confidence in your products!

Author Biography

Frank Swiderski is a software security engineer at Microsoft Window Snyder is a program manager for the Microsoft Secure Windows Initiative Team

Table of Contents

Introduction xi
Support xv
Part I Application Security
1 Introduction to Application Security
3(22)
Historical Perspective: Setting the Stage for Threat Modeling
4(1)
Code Reviews During Design and Implementation
5(3)
Finding Vulnerabilities in Architecture
6(1)
Finding Vulnerabilities in Implementation
7(1)
Why Application Security Is Critical to Business
8(2)
Customer Expectations
9(1)
Internal Enterprise Applications
9(1)
Business Cost of Vulnerabilities
10(1)
The Application Security Life Cycle
10(8)
Gathering Requirements
11(4)
Securing Design
15(1)
Threat Modeling
15(1)
Performing Implementation-Level Analysis (Code Review)
16(1)
Performing Penetration Tests
16(1)
Securing Deployment
17(1)
Integrating Feedback
17(1)
Elements of Application Security
18(4)
Architecture
19(1)
Implementation
20(2)
Roles in Application Security
22(1)
Summary
23(2)
2 Why Threat Modeling?
25(16)
Defining Threat Modeling
26(4)
Threat Modeling Terminology
27(1)
Purpose and Objectives
28(2)
Examining the Threat Modeling Process
30(6)
Understanding the Adversary's View
31(1)
Characterizing the Security of the System
32(1)
Determining Threats
33(1)
How Threat Modeling Fits into the Application Security Life Cycle
33(3)
Organizing a Threat Model
36(1)
Summary
37(4)
Part II Understanding Threat Modeling
3 How an Adversary Sees an Application
41(24)
The Adversary's Goals
42(1)
Principles of the Data Flow Approach
43(1)
Analyzing Entry Points
44(8)
Infrastructure Entry Points
45(1)
Exit Points
45(1)
Layered Entry Points
46(1)
Level of Granularity
46(1)
Relevance to the Threat Model
46(1)
Data to Collect
47(1)
Example: Fabrikam Phone 1.0
48(1)
Example: Humongous Insurance Price Quote Website
49(1)
Example: A. Datum Corporation Access Control API
50(2)
Determining Which Assets Are of Interest
52(7)
Abstract Assets
53(1)
Transitive Assets
54(1)
Assessing Risk to Assets
54(1)
Relevance to the Threat Model
54(1)
Data to Collect
55(1)
Example: Fabrikam Phone 1.0
56(1)
Example: Humongous Insurance Price Quote Website
57(1)
Example: A. Datum Access Control API
58(1)
Trust Levels
59(5)
Relevance to the Threat Model
60(1)
Data to Collect
61(1)
Example: Fabrikam Phone 1.0
61(1)
Example: Humongous Insurance Price Quote Website
62(1)
Example: A. Datum Access Control API
63(1)
Summary
64(1)
4 Constraining and Modeling the Application
65(34)
Gathering Relevant Background Information
66(21)
Use Scenarios
68(5)
External Dependencies
73(5)
External Security Notes
78(3)
Internal Security Notes
81(3)
Implementation Assumptions
84(3)
Modeling the Application Through Data Flow Diagrams
87(11)
Concepts
87(3)
DFD Hierarchy
90(1)
Using DFDs in Threat Modeling
91(7)
Summary
98(1)
5 The Threat Profile
99(30)
Identifying Threats
99(12)
Correlating Threats and Assets
100(1)
Creating Adversary Hypotheses
101(10)
Investigating Threats with Threat Trees
111(7)
Analyzing with Threat Trees
111(1)
Identifying Attack Paths
112(6)
Vulnerability Resolution and Mitigation
118(7)
Vulnerabilities vs. Threats
118(1)
Identifying Vulnerabilities
119(4)
Implications of Resolving Vulnerabilities
123(2)
Summary
125(4)
Part III Using Threat Modeling Effectively
6 Choosing What to Model
129(18)
Creating Feature-Level Threat Models
129(4)
Benefits of Feature-Level Threat Models
131(1)
Determining Which Features to Model
132(1)
Creating Application-Level Threat Models
133(4)
Benefits of Application-Level Threat Models
133(1)
Determining Which Applications to Model
134(2)
Choosing the Depth of the Analysis
136(1)
Knowing When a Threat Model Is Finished
137(3)
Documenting Entry Points
138(1)
Resolving All Threats
138(1)
Reviewing the Threat Model
138(1)
Preventing Threat Model Invalidation
139(1)
Questions Threat Model Teams Should Pose
140(6)
Overall Description
140(1)
Background Information
141(2)
The Adversary's View of the System
143(1)
Modeling the System
144(1)
Threat Determination
145(1)
Summary
146(1)
7 Testing Based on a Threat Model
147(14)
The Benefits and Shortcomings of Security Testing
147(4)
What Can Security Testing Provide?
148(1)
Where Security Testing Fails
149(1)
How Threat Models Fit In
150(1)
Using Threat Models to Drive Security Testing
151(4)
Design/Threat Model Reviews
152(1)
Code Reviews
152(1)
Penetration Testing
153(2)
Characterizing the Application's Security Risk
155(4)
Application Strengths
156(1)
Application Weaknesses
156(2)
Determining the Effectiveness of Threat Modeling and Security Testing
158(1)
Summary
159(2)
8 Making Threat Modeling Work
161(12)
Practical Considerations
161(4)
Planning
162(1)
Documenting
162(1)
Scheduling
163(1)
Determining Costs
164(1)
Revisiting the Threat Model
165(1)
Where to Go for Help
166(1)
Managing the Threat Modeling Process
167(2)
Determining Time Frame
167(1)
Identifying Vulnerabilities
168(1)
Summary
169(4)
Part IV Sample Threat Models
A Fabrikam Phone 1.0
173(22)
Use Scenarios
173(1)
External Dependencies
174(1)
Implementation Assumptions
174(1)
External Security Notes
175(1)
Internal Security Notes
175(1)
Trust Levels
176(1)
Entry Points
176(1)
Assets
177(1)
Data Flow Diagrams
178(2)
Threats
180(12)
Vulnerabilities
192(3)
B Humongous Insurance Price Quote Website
195(26)
Use Scenarios
196(1)
External Dependencies
196(1)
Implementation Assumptions
197(1)
External Security Notes
197(1)
Internal Security Notes
198(1)
Trust Levels
199(1)
Entry Points
199(4)
Assets
203(1)
Data How Diagrams
204(1)
Threats
205(11)
Vulnerabilities
216(5)
C A. Datum Acces Control API
221(22)
Use Scenarios
222(1)
External Dependencies
222(1)
Implementation Assumptions
222(1)
External Security Notes
223(1)
Internal Security Notes
224(1)
Trust Levels
224(1)
Entry Points
225(4)
Assets
229(1)
Data Flow Diagrams
230(2)
Threats
232(8)
Vulnerabilities
240(3)
Index 243

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program