Threat modeling is one of the most essential--and most misunderstood--parts of the development lifecycle. Whether you're a security practitioner or a member of a development team, this book will help you gain a better understanding of how you can apply core threat modeling concepts to your practice to protect your systems against threats. Contrary to popular belief, threat modeling doesn't require advanced security knowledge to initiate or a Herculean effort to sustain. But it is critical for spotting and addressing potential concerns in a cost-effective way before the code's written--and before it's too late to find a solution. Authors Izar Tarandach and Matthew Coles walk you through various ways to approach and execute threat modeling in your organization.
It's still an early access version as of this writing and has only the first three chapters, but so far I've found the book pretty accessible and practical. I expect this book is going to be a great introductory to secure design practice if improvements are made in the 'convincing with more evidence' department (and of course the rest of chapters are filled well).
The book is promising but doesn't deliver what I was expecting. To me, it seems like it's just a collection of web articles on threat modeling. But good for novice threat modelers.
A good understanding of most of the tools in the industry today and the different methodologies considered. This book is a good guideline for anyone who wants to get started in threat modelling.
This was a quite good overview of modern principles, methodologies and tools for threat modeling with some taste of agile. The book is rather fresh and that's the most important and valuable thing about it. As for practicality, I would doubt this book is perfect. More examples, step-by-step guides would work better. Still, there are not so many such books out there - definitely worth reading!