Threat Modeling: Designing for Security

The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier’s Secrets and Lies and Applied Cryptography!

Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You’ll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.

Systems security managers, you’ll find tools and a framework for structured thinking about what can go wrong. Software developers, you’ll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you’ll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.

  • Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
  • Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
  • Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
  • Offers actionable how-to advice not tied to any specific software, operating system, or programming language
  • Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world

As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you’re ready with Threat Modeling: Designing for Security.

Users Comments:

  • The Bible for Information Security Threat Modeling.
    I have been an Information Security professional for over 20 years. Threat Modeling has been an elusive goal for a large portion of my career. Having the ability to analyze a proposal, architecture, or existing system is expected from a senior level professional. Unfortunately, too many of us covet the unrealistic ability to quickly perform a thorough, accurate analysis “on the fly”; impressing everyone around us. This is a horrible trait to have, but it is all over the place.
    The threat modeling approach addresses this problem by providing a frameworks that take some of the guesswork out of the equation. Adam Shostack captures the popular methods within this book and touches on some of the pros and cons of each method. In my opinion, Adam places an appropriate amount of focus on the STRIDE threat modeling method, as it is the most well documented approach in the industry. However, he does not slack on explaining alternate methods like LINDDUN and its relationship to data privacy threats. The author also introduces the reader to some of the tools that are on the market or are made available via open source.
    Most importantly, Adam highlights the importance of working with the various stakeholders within an organization to create a threat model. This cast could include but is not limited to, project managers, system administrators, database administrators, network engineers, and information security resources with the point being that threat modeling is not just something that someone with a CISSP can pull out of the air based on shear brilliance, it’s a product of several subject matter experts.
    This is the best resource on the market on the subject of security threat modeling.
  • Adam’s Threat Modeling: Designing for Security is a must and required reading for security practitioners. Threat modeling should become standard practice within security programs and Adam’s approachable narrative on how to implement threat modeling resonates loud and clear. Threat Modeling: Designing for Security combines both technical detail with pragmatic and actionable advice as to how you can implement threat modeling within your security program. Threat modeling increases assurance and offers a standard and structured way to answer “just how secure is this application or infrastructure?” Having defined attributes that need to be addressed as part of the security review ensures that security weaknesses don’t fall through the proverbial cracks. Bottom line, CISOs would be well-served adding threat modeling to their team’s required skills. Fantastic book!
  • I purchased this book to get some new tricks and perspectives to add to my existing threat modelling program. I was impressed that it had not only good technical input, anecdotes and examples but also a lot of infrastructure to build a new program. There are sample diagrams, templates and organizational processes that can be used to build a program from scratch. It is a handbook and body of knowledge on the topic.
    It is written from the point of view of software development but the material can be adapted to other applications.
    There is a lot of info here. You can use the book no matter what your level of experience but you will find it an easier read if you have some experience with threat modeling.
    Overall the best work I have seen on the topic.
  • Threat modeling as a discipline was new to me. This book attempts to be a complete and detailed history of threat modeling and what works. Written by an esteemed security expert from Microsoft, it speaks to to not only security practitioners but to program managers and developers. Understanding threat modeling and creating your own threat models is made less “scary” and comes with a game. Yes, it addresses the Agile/Devops movements, so now you have 2 card games to play (“Planning Poker” aka “Scrum Poker” along with “Escalation of Privilege”).
  • From the first chapter I was applying the principles to my job. Adam’s examples are easy to follow and get the point across well. I like the EoP game concept and will introduce that at the office when I have a better grasp of the material. It was well worth the price. It gets 4 stars instead of 5 because the editor missed some misspelled words and sequences (like when defining the STRIDE acronym they put the D in front of the I definition…) little stuff that doesn’t take away from the content but for us OCD folks can be a minor distraction. I recommend.

Be the first to comment on "Threat Modeling: Designing for Security"

Leave a comment

Your email address will not be published.