Description

Book Synopsis

This book introduces the Process for Attack Simulation & Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.

This book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the f

Table of Contents

Foreword
Preface
List of Figures
List of Tables

1 Threat Modeling Overview
Definitions
Origins and Use
Summary
Rationale and Evolution of Security Analysis
Summary
Building A Better Risk Model
Summary
Threat Anatomy
Summary
Crowdsourcing Risk Analytics

2 Objectives and Benefits of Threat Modeling
Defining a Risk Mitigation Strategy
Improving Application Security
Building Security in the Software Development Life Cycle
Identifying Application Vulnerabilities and Design Flaws
Analyzing Application Security Risks

3 Existing Threat Modeling Approaches
Security Software Risk-Based Variants

4 Threat Modeling Within the SDLC
Building Security in SDLC with Threat Modeling
Integrating Threat Modeling Within The Different Types of SDLCs

5 Threat Modeling and Risk Management
Data Breach Incidents and Lessons for Risk Management
Threats and Risk Analysis
Risk-Based Threat Modeling
Threat Modeling in Information Security and Risk Management Processes
Threat Modeling Within Security Incident Response Processes

6 Intro to PASTA
Risk-Centric Threat Modeling

7 Diving Deeper into PASTA
Exploring the Seven Stages and Embedded Threat Modeling Activities
Chapter Summary

8 PASTA Use Case
PASTA Use Case Example Walk-Through

Glossary
References
Index

Risk Centric Threat Modeling

    £84.56

    RRP £93.95 – you save £9.39 (9%)

    A Hardback by Tony UcedaVelez, Marco M. Morana

      Publisher: John Wiley & Sons Inc
      Publication Date: 10/07/2015
      ISBN13: 9780470500965, 978-0470500965
      ISBN10: 0470500964
