About Threat Modeling: Designing for Security


If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems — from the very beginning.

Threat Modeling: Designing for Security is full of actionable, tested advice for software developers, systems architects and managers, and security professionals. From the very first chapter, it teaches the reader how to threat model. That is, how to use models to predict and prevent problems, even before you've started coding.

Threat Modeling: Designing for Security is jargon-free, accessible, and provides proven frameworks that are designed to integrate into real projects that need to ship on tight schedules. You can get value from threat modeling all sorts of things, even something as simple as a contact us page (see that page for its threat model).

Recent Events

At the RSA Conference (and associated events) San Francisco (February 24-28)

Adam spoke at RSA on New Foundations for Threat Modeling (Wednesday at 9:20) and was a panelist on Should a National Cyber Safety Board Be Created to Help Report on Breaches? (Thursday at 9:20).

He was at BSidesSF to speak on Threat Modeling: A New Hope (Monday at 3).

There will also be a book signing at RSA, time to be announced.

Silicon Valley tour (March 3-7)

The week after RSA, Adam stopped off at some companies around San Francisco and Silicon Valley, doing book talks and smaller informal how-to talks with security teams. One of those talks is available on the resources page.