Threat Modeling Gameplay with EoP - Brett Crawley

Threat Modeling Gameplay with EoP

A reference manual for spotting threats in software architecture

(Autor)

Buch | Softcover
256 Seiten
2024
Packt Publishing Limited (Verlag)
978-1-80461-897-4 (ISBN)
37,40 inkl. MwSt
Work with over 150 real-world examples of threat manifestation in software development and identify similar design flaws in your systems using the EoP game, along with actionable solutions

Key Features

Apply threat modeling principles effectively with step-by-step instructions and support material
Explore practical strategies and solutions to address identified threats, and bolster the security of your software systems
Develop the ability to recognize various types of threats and vulnerabilities within software systems
Purchase of the print or Kindle book includes a free PDF eBook

Book DescriptionAre you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay.
Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems.
By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.What you will learn

Understand the Elevation of Privilege card game mechanics
Get to grips with the S.T.R.I.D.E. threat modeling methodology
Explore the Privacy and T.R.I.M. extensions to the game
Identify threat manifestations described in the games
Implement robust security measures to defend against the identified threats
Comprehend key points of privacy frameworks, such as GDPR to ensure compliance

Who this book is forThis book serves as both a reference and support material for security professionals and privacy engineers, aiding in facilitation or participation in threat modeling sessions. It is also a valuable resource for software engineers, architects, and product managers, providing concrete examples of threats to enhance threat modeling and develop more secure software designs. Furthermore, it is suitable for students and engineers aspiring to pursue a career in application security. Familiarity with general IT concepts and business processes is expected.

Brett Crawley is a principal application security engineer, (ISC2) CISSP, CSSLP, and CCSP certified, the project lead on the OWASP Application Security Awareness Campaigns project, and the author of the OSTERING blog on security. He has published a Miro template for threat modeling with the Elevation of Privilege card game and also published the CAPEC S.T.R.I.D.E. mapping mind maps and other resources. With over 10 years of application security experience and over 25 years of software engineering experience, he works with teams to define their security best practices and introduce security by design into their existing SDLC, and as part of this initiative, he trains teams in threat modeling because good design is of key importance. He is also an advocate for using a data-driven approach to AppSec, to help identify the business-critical components, thereby optimizing the reduction of risk to the organization.

Table of Contents

Game Play
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
Privacy
Transfer
Retention/Removal
Inference
Minimization
Glossary
Further Reading

Erscheinungsdatum
Vorwort Adam Shostack
Verlagsort Birmingham
Sprache englisch
Maße 191 x 235 mm
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
ISBN-10 1-80461-897-7 / 1804618977
ISBN-13 978-1-80461-897-4 / 9781804618974
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00