Threat Modeling: A Practical Guide for Development Teams

Tarandach, Izar; Coles, Matthew J.

  • Publisher: O'Reilly
  • Publication date: 2020-12-08
  • List price: $1,820
  • Sale price: 9.0$1,638
  • Language: English
  • Pages: 240
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1492056553
  • ISBN-13: 9781492056553
  • Ships immediately


Threat modeling is one of the most essential--and most misunderstood--parts of the development lifecycle. Whether you're a security practitioner or application developer, this book will help you gain a better understanding of core concepts and how to apply them to your practice to protect your systems from threats.

Authors Izar Tarandach and Matthew Coles walk you through the myriad ways to approach and execute threat modeling. Contrary to popular belief, the process takes neither incredibly advanced security knowledge nor an unmanageable amount of effort. But it's critical for spotting and addressing potential concerns in a cost-effective way before the code's written and it's too late to find a solution.

  • Find out why threat modeling is important and how it can make you and your team better, more well-rounded architects and developers
  • Learn the most effective ways to integrate threat modeling into your development lifecycle
  • Use the results of a threat modeling exercise on other aspects of the system lifecycle


Izar Tarandach is Lead Product Security Architect at Autodesk, Inc. Prior to this, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, and before that he was a Security Consultant at the EMC Product Security Office. He is a core contributor to SAFECode and a founding contributor to the IEEE Center for Security Design. He holds a master's degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.

Matthew Coles is the product security leader at Bose Corporation, where he leverages over 15 years of product security and systems engineering experience to enable teams to build security into the products and personalized experiences Bose delivers to customers worldwide. Prior to that he was lead product security architect for Analog Devices, and consulting product security architect at EMC. He has been a technical contributor to community standard initiatives such as ISO 27034, CVSS version 3, and the CWE/SANS Top 25 project. He holds a master's in computer science from Worcester Polytechnic Institute, and has previously served as an instructor in software security practices at Northeastern University.