About Threat Modeling: Designing for Security

cover

If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems — from the very beginning.

Threat Modeling: Designing for Security is full of actionable, tested advice for software developers, systems architects and managers, and security professionals. From the very first chapter, it teaches the reader how to threat model. That is, how to use models to predict and prevent problems, even before you've started coding.

Threat Modeling: Designing for Security is jargon-free, accessible, and provides proven frameworks that are designed to integrate into real projects that need to ship on tight schedules. You can get value from threat model all sorts of things, even as simple as a contact us page (and see that page for that threat model.)

In praise of Threat Modeling: Designing for Security

testimonial-1 "The book also discusses the different ways of modeling software to address threats, as well as techniques and tools to find those threats...Overall, this is an excellent volume that should be examined by most developers concerned with issues of security."
— Gastón Hillar, reviewing for the Jolt Awards
testimonial-1 "Shostack envisions the process of threat modeling as a way of integrating security principles into the development process and make developers active participants in identifying and fixing vulnerabilities before the product reaches the door."
— Richard Austin, reviewing for IEEE Cipher
testimonial-1 "Even if you've never coded a line of software in your life, and you don't know spoofing from a denial of service attack, you'll have an excellent understanding of what threat modelers do, and why it's important, after reading this book."
— Michael Whitener, reviewing for the IAPP (Int'l Association of Privacy Professionals)

Upcoming or Recent Events

August in Las Vegas: Blackhat & Defcon

At Blackhat, Adam will be signing books at the VeraCode booth Wednesday August 6th at 1PM.
At Defcon, Adam will be signing at the NoStarch booth Saturday August 9 at 1PM.

September in Ghent, Belgium: BruCon

At BruCon, Adam will be delivering a keynote on "Threat Modeling Lessons from Star Wars."

October in Atlanta: ISC2 Congress

At The (ISC) Congress, Adam will be delivering the general session at 8AM Thursday October 2.