Synopsis
Threat modeling is one of the most essential--and most misunderstood--parts of the development lifecycle. Whether you're a security practitioner or a member of a development team, this book will help you gain a better understanding of how you can apply core threat modeling concepts to your practice to protect your systems against threats. Contrary to popular belief, threat modeling doesn't require advanced security knowledge to initiate or a Herculean effort to sustain. But it is critical for spotting and addressing potential concerns in a cost-effective way before the code's written--and before it's too late to find a solution. Authors Izar Tarandach and Matthew Coles walk you through various ways to approach and execute threat modeling in your organization. Explore fundamental properties and mechanisms for securing data and system functionality Understand the relationship between security, privacy, and safety Identify key characteristics for assessing system security Get an in-depth review of popular and specialized techniques for modeling and analyzing your systems View the future of threat modeling and Agile development methodologies, including DevOps automation Find answers to frequently asked questions, including how to avoid common threat modeling pitfalls, Threat modeling is one of the most essential--and most misunderstood--parts of the development lifecycle. Whether you're a security practitioner or application developer, this book will help you gain a better understanding of core concepts and how to apply them to your practice to protect your systems from threats. Authors Izar Tarandach and Matthew Coles walk you through the myriad ways to approach and execute threat modeling. Contrary to popular belief, the process takes neither incredibly advanced security knowledge nor an unmanageable amount of effort. But it's critical for spotting and addressing potential concerns in a cost-effective way before the code's written and it's too late to find a solution. Find out why threat modeling is important and how it can make you and your team better, more well-rounded architects and developers Learn the most effective ways to integrate threat modeling into your development lifecycle Use the results of a threat modeling exercise on other aspects of the system lifecycle