Threat Modeling: A Practical Guide for Development Teams (Paperback)

Tarandach, Izar, Coles, Matthew J.

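  • Publisher: O'Reilly
  • Publication date: 2020-12-22
  • List price: $1,980
  • Sale price: $1,782 (10% off)
  • Language: English
  • Pages: 240
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1492056553
  • ISBN-13: 9781492056553
  • Related categories: Information Security, Software Engineering
  • Ships immediately (stock < 4)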

Product Description

Threat modeling is one of the most essential--and most misunderstood--parts of the development lifecycle. Whether you're a security practitioner or application developer, this book will help you gain a better understanding of core concepts and how to apply them to your practice to protect your systems from threats.

Authors Izar Tarandach and Matthew Coles walk you through the myriad ways to approach and execute threat modeling. Contrary to popular belief, the process takes neither incredibly advanced security knowledge nor an unmanageable amount of effort. But it's critical for spotting and addressing potential concerns in a cost-effective way before the code's written and it's too late to find a solution.

  • Find out why threat modeling is important and how it can make you and your team better, more well-rounded architects and developers
  • Learn the most effective ways to integrate threat modeling into your development lifecycle
  • Use the results of a threat modeling exercise on other aspects of the system lifecycle

About the Authors

Izar Tarandach is Lead Product Security Architect at Autodesk, Inc. Prior to this, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, and before that he was a Security Consultant at the EMC Product Security Office. He is a core contributor to SAFECode and a founding contributor to the IEEE Center for Security Design. He holds a master's degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.

Matthew Coles is the product security leader at Bose Corporation, where he leverages over 15 years of product security and systems engineering experience to enable teams to build security into the products and personalized experiences Bose delivers to customers worldwide. Prior to that, he was lead product security architect for Analog Devices and consulting product security architect at EMC. He has been a technical contributor to community standard initiatives such as ISO 27034, CVSS version 3, and the CWE/SANS Top 25 project. He holds a master's in computer science from Worcester Polytechnic Institute and has previously served as an instructor in software security practices at Northeastern University.
