Threat modeling is one of the most essential--and most misunderstood--parts of the development lifecycle. Whether you're a security practitioner or a member of a development team, this book will help you gain a better understanding of how you can apply core threat modeling concepts to your practice to protect your systems against threats.
Contrary to popular belief, threat modeling doesn't require advanced security knowledge to initiate or a Herculean effort to sustain. But it is critical for spotting and addressing potential concerns in a cost-effective way before the code's written--and before it's too late to find a solution. Authors Izar Tarandach and Matthew Coles walk you through various ways to approach and execute threat modeling in your organization.
- Explore fundamental properties and mechanisms for securing data and system functionality
- Understand the relationship between security, privacy, and safety
- Identify key characteristics for assessing system security
- Get an in-depth review of popular and specialized techniques for modeling and analyzing your systems
- View the future of threat modeling and Agile development methodologies, including DevOps automation
- Find answers to frequently asked questions, including how to avoid common threat modeling pitfalls
It's still an early access version as of this writing and has only the first three chapters, but so far I've found the book pretty accessible and practical. I expect this book is going to be a great introduction to secure design practice if improvements are made in the 'convincing with more evidence' department (and of course the rest of the chapters are filled in well).
The book is promising but doesn't deliver what I was expecting. To me, it seems like it's just a collection of web articles on threat modeling. But good for novice threat modelers.
A good understanding of most of the tools in the industry today and the different methodologies considered. This book is a good guideline for anyone who wants to get started in threat modelling.
This was quite a good overview of modern principles, methodologies and tools for threat modeling with some taste of agile. The book is rather fresh and that's the most important and valuable thing about it. As for practicality, I would doubt this book is perfect. More examples and step-by-step guides would work better. Still, there are not so many such books out there - definitely worth reading!