Process for Attack Simulation and Threat Analysis
Buch, Englisch, 696 Seiten, Format (B × H): 161 mm x 240 mm, Gewicht: 1194 g
ISBN: 978-0-470-50096-5
Verlag: Wiley
This book introduces the Process for Attack Simulation & Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.
This book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the focus of Chapter 5. Chapter 6 and Chapter 7 examine Process for Attack Simulation and Threat Analysis (PASTA). Finally, Chapter 8 shows how to use the PASTA risk-centric threat modeling process to analyze the risks of specific threat agents targeting web applications. This chapter focuses specifically on the web application assets that include customer’s confidential data and business critical functionality that the web application provides.
• Provides a detailed walkthrough of the PASTA methodology alongside software development activities, normally conducted via a standard SDLC process
• Offers precise steps to take when combating threats to businesses
• Examines real-life data breach incidents and lessons for risk management
Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis is a resource for software developers, architects, technical risk managers, and seasoned security professionals.
Autoren/Hrsg.
Fachgebiete
- Mathematik | Informatik EDV | Informatik Daten / Datenbanken Kryptologie, Informationssicherheit
- Mathematik | Informatik EDV | Informatik Technische Informatik Computersicherheit Datensicherheit, Datenschutz
- Mathematik | Informatik EDV | Informatik Programmierung | Softwareentwicklung Software Engineering
Weitere Infos & Material
Foreword ix
Preface xv
List of Figures xvii
List of Tables xxiii
1 Threat Modeling Overview 1
Definitions 1
Origins and Use 3
Summary 8
Rationale and Evolution of Security Analysis 9
Summary 19
Building A Better Risk Model 19
Summary 31
Threat Anatomy 33
Summary 48
Crowdsourcing Risk Analytics 48
2 Objectives and Benefits of Threat Modeling 63
Defining a Risk Mitigation Strategy 63
Improving Application Security 82
Building Security in the Software Development Life Cycle 92
Identifying Application Vulnerabilities and Design Flaws 104
Analyzing Application Security Risks 118
3 Existing Threat Modeling Approaches 137
Security Software Risk-Based Variants 137
4 Threat Modeling Within the SDLC 195
Building Security in SDLC with Threat Modeling 195
Integrating Threat Modeling Within The Different Types of SDLCs 205
5 Threat Modeling and Risk Management 235
Data Breach Incidents and Lessons for Risk Management 235
Threats and Risk Analysis 259
Risk-Based Threat Modeling 282
Threat Modeling in Information Security and Risk
Management Processes 289
Threat Modeling Within Security Incident Response Processes 306
6 Intro to PASTA 317
Risk-Centric Threat Modeling 317
7 Diving Deeper into PASTA 343
Exploring the Seven Stages and Embedded Threat Modeling Activities 343
Chapter Summary 478
8 PASTA Use Case 479
PASTA Use Case Example Walk-Through 479
Glossary 633
References 653
Index 657
