Description

Book Synopsis

This book introduces the Process for Attack Simulation & Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.

This book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the f

Table of Contents

Foreword

Preface

List of Figures

List of Tables

1 Threat Modeling Overview

Definitions

Origins and Use

Summary

Rationale and Evolution of Security Analysis

Summary

Building A Better Risk Model

Summary

Threat Anatomy

Summary

Crowdsourcing Risk Analytics

2 Objectives and Benefits of Threat Modeling

Defining a Risk Mitigation Strategy

Improving Application Security

Building Security in the Software Development Life Cycle

Identifying Application Vulnerabilities and Design Flaws

Analyzing Application Security Risks

3 Existing Threat Modeling Approaches

Security Software Risk-Based Variants

4 Threat Modeling Within the SDLC

Building Security in SDLC with Threat Modeling

Integrating Threat Modeling Within The Different Types of SDLCs

5 Threat Modeling and Risk Management

Data Breach Incidents and Lessons for Risk Management

Threats and Risk Analysis

Risk-Based Threat Modeling

Threat Modeling in Information Security and Risk Management Processes

Threat Modeling Within Security Incident Response Processes

6 Intro to PASTA

Risk-Centric Threat Modeling

7 Diving Deeper into PASTA

Exploring the Seven Stages and Embedded Threat Modeling Activities

Chapter Summary

8 PASTA Use Case

PASTA Use Case Example Walk-Through

Glossary

References

Index

Risk Centric Threat Modeling


A Hardback by Tony UcedaVelez, Marco M. Morana


    Publisher: John Wiley & Sons Inc
    Publication Date: 10/07/2015
    ISBN13: 9780470500965, 978-0470500965
    ISBN10: 0470500964

