Book description
This book introduces the Process for Attack Simulation & Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.
This book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the focus of Chapter 5. Chapter 6 and Chapter 7 examine Process for Attack Simulation and Threat Analysis (PASTA). Finally, Chapter 8 shows how to use the PASTA risk-centric threat modeling process to analyze the risks of specific threat agents targeting web applications. This chapter focuses specifically on the web application assets that include customer's confidential data and business critical functionality that the web application provides.
Provides a detailed walkthrough of the PASTA methodology alongside software development activities, normally conducted via a standard SDLC process
Offers precise steps to take when combating threats to businesses
Examines real-life data breach incidents and lessons for risk management
Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis is a resource for software developers, architects, technical risk managers, and seasoned security professionals.
Table of contents
- Cover
- Title Page
- Copyright
- Dedication
- FOREWORD
- PREFACE
- LIST OF FIGURES
- LIST OF TABLES
- CHAPTER 1: THREAT MODELING OVERVIEW
- CHAPTER 2: OBJECTIVES AND BENEFITS OF THREAT MODELING
- CHAPTER 3: EXISTING THREAT MODELING APPROACHES
- CHAPTER 4: THREAT MODELING WITHIN THE SDLC
- CHAPTER 5: THREAT MODELING AND RISK MANAGEMENT
- CHAPTER 6: INTRO TO PASTA
- CHAPTER 7: DIVING DEEPER INTO PASTA
- CHAPTER 8: PASTA USE CASE
- GLOSSARY
- REFERENCES
- INDEX
- End User License Agreement
Product information
- Title: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis
- Author(s):
- Release date: May 2015
- Publisher(s): Wiley
- ISBN: 9780470500965
You might also like
book
Cybersecurity – Attack and Defense Strategies - Second Edition
Updated and revised edition of the bestselling guide to developing defense strategies against the latest threats …
book
Cybersecurity and Third-Party Risk
STRENGTHEN THE WEAKEST LINKS IN YOUR CYBERSECURITY CHAIN Across the world, the networks of hundreds of …
book
Building a Cyber Risk Management Program
Cyber risk management is one of the most urgent issues facing enterprises today. This book presents …
book
Cybersecurity - Attack and Defense Strategies
Updated edition of the bestselling guide for planning attack and defense strategies based on the current …