Threat Modeling Gameplay with EoP -  Brett Crawley

Threat Modeling Gameplay with EoP (eBook)

A reference manual for spotting threats in software architecture
eBook Download: EPUB
2024 | 1. Auflage
256 Seiten
Packt Publishing (Verlag)
978-1-83508-915-6 (ISBN)
Systemvoraussetzungen
29,99 inkl. MwSt
  • Download sofort lieferbar
  • Zahlungsarten anzeigen

Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay.
Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You'll explore the methodology for threat modeling-Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you'll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems.
By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.


Work with over 150 real-world examples of threat manifestation in software development and identify similar design flaws in your systems using the EoP game, along with actionable solutionsKey FeaturesApply threat modeling principles effectively with step-by-step instructions and support materialExplore practical strategies and solutions to address identified threats, and bolster the security of your software systemsDevelop the ability to recognize various types of threats and vulnerabilities within software systemsPurchase of the print or Kindle book includes a free PDF eBookBook DescriptionAre you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay. Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You ll explore the methodology for threat modeling Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems. By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.What you will learnUnderstand the Elevation of Privilege card game mechanicsGet to grips with the S.T.R.I.D.E. threat modeling methodologyExplore the Privacy and T.R.I.M. extensions to the gameIdentify threat manifestations described in the gamesImplement robust security measures to defend against the identified threatsComprehend key points of privacy frameworks, such as GDPR to ensure complianceWho this book is forThis book serves as both a reference and support material for security professionals and privacy engineers, aiding in facilitation or participation in threat modeling sessions. It is also a valuable resource for software engineers, architects, and product managers, providing concrete examples of threats to enhance threat modeling and develop more secure software designs. Furthermore, it is suitable for students and engineers aspiring to pursue a career in application security. Familiarity with general IT concepts and business processes is expected.]]>
Erscheint lt. Verlag 9.8.2024
Vorwort Adam Shostack
Sprache englisch
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
Naturwissenschaften
ISBN-10 1-83508-915-1 / 1835089151
ISBN-13 978-1-83508-915-6 / 9781835089156
Informationen gemäß Produktsicherheitsverordnung (GPSR)
Haben Sie eine Frage zum Produkt?
EPUBEPUB (Ohne DRM)

Digital Rights Management: ohne DRM
Dieses eBook enthält kein DRM oder Kopier­schutz. Eine Weiter­gabe an Dritte ist jedoch rechtlich nicht zulässig, weil Sie beim Kauf nur die Rechte an der persön­lichen Nutzung erwerben.

Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belle­tristik und Sach­büchern. Der Fließ­text wird dynamisch an die Display- und Schrift­größe ange­passt. Auch für mobile Lese­geräte ist EPUB daher gut geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür die kostenlose Software Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Das umfassende Handbuch

von Michael Kofler; Klaus Gebeshuber; Peter Kloep …

eBook Download (2022)
Rheinwerk Computing (Verlag)
39,92
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
42,99
Umfassendes Sicherheits-, Kontinuitäts- und Risikomanagement mit …

von Klaus-Rainer Müller

eBook Download (2023)
Springer Fachmedien Wiesbaden (Verlag)
79,99