Description |
xv, 259 pages : illustrations ; 23 cm |
Contents |
Pt. I. Application security -- 1. Introduction to application security -- 2. Why threat modeling? -- Pt. II. Understanding threat modeling -- 3. How an adversary sees an application -- 4. Constraining and modeling the application -- 5. The threat profile -- Pt. III. Using threat modeling effectively -- 6. Choosing what to model -- 7. Testing based on a threat model -- 8. Making threat modeling work -- Pt. IV. Sample threat models -- A. Fabrikam phone 1.0 -- B. Humongous insurance price quote website -- C. A. Datum access control API |
Summary |
"Microsoft application security specialists Frank Swiderski and Window Snyder describe the concepts and goals for threat modeling - a structured approach for identifying, evaluating, and mitigating risks to system security. Discover how to use the threat modeling methodology to analyze your system, from the adversary's point of view - creating a set of data points that help drive security specifications and testing. You'll review application scenarios that illustrate threat modeling concepts in action, understanding how to use threat modeling to help improve the built-in security features of a system - as well as your customer's confidence in that system - regardless of development environment."--BOOK JACKET |
Notes |
Includes index |
Subject |
Computer security.
Computer networks -- Security measures.
Author |
Snyder, Window.
LC no. |
2004049976 |
ISBN |
0735619913 paperback |