Threat Modeling: A Practical Guide for Development Teams (Paperback)
暫譯: 威脅建模:開發團隊的實用指南 (平裝本)
Tarandach, Izar, Coles, Matthew J.
- 出版商: O'Reilly
- 出版日期: 2020-12-22
- 定價: $2,280
- 售價: 8.0 折 $1,824
- 語言: 英文
- 頁數: 240
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1492056553
- ISBN-13: 9781492056553
-
相關分類:
資訊安全、軟體工程
-
相關翻譯:
威脅建模|開發團隊的實務指南 (Threat Modeling: A Practical Guide for Development Teams) (繁中版)
立即出貨 (庫存 < 4)
買這商品的人也買了...
-
Linux 驅動程式, 3/e (Linux Device Drivers, 3/e)$980$774 -
Fuzzing: Brute Force Vulnerability Discovery (Paperback)$2,200$2,090 -
深入淺出 Linux TCP/IP 協定核心$520$442 -
Linux Kernel Hacks 改善效能、提昇開發效率及節能的技巧與工具$680$537 -
$1,710The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, 2/e (Paperback) -
$941Key Performance Indicators For Dummies (Paperback) -
Node.js 物聯網裝置開發 (Node.JS for Embedded Systems: Using Web Technologies to Build Connected Devices)$480$379 -
Advanced API Security: The Definitive Guide to API Security, 2/e$1,730$1,644 -
Learning Robotics using Python: Design, simulate, program, and prototype an autonomous mobile robot using ROS, OpenCV, PCL, and Python, 2nd Edition$1,230$1,169 -
Mastering Flask Web Development: Build enterprise-grade, scalable Python web applications, 2/e (Paperback)$1,400$1,330 -
$454物聯網滲透測試 (Iot Penetration Testing Cookbook) -
Conceptual Physics, 12/e (GE-Paperback)$1,540$1,509 -
從實踐中學習 Windows 滲透測試$594$564 -
使用 AWS 在雲端建置 Linux 伺服器的 20堂課$500$350 -
矽谷工程師教你 Kubernetes:史上最全 CI/CD 中文應用指南(iT邦幫忙鐵人賽系列書)$600$468 -
網絡安全與攻防策略:現代威脅應對之道(原書第2版)$834$792 -
$1,470Developing IoT Projects with ESP32: Automate your home or business with inexpensive Wi-Fi devices -
$305移動終端漏洞挖掘技術 -
嵌入式 Linux 作業系統實務$340$333 -
Go 黑帽子 : 滲透測試編程之道$594$564 -
$1,998Hacking Kubernetes: Threat-Driven Analysis and Defense -
$2,200Software Architecture: The Hard Parts: Modern Trade-Off Analyses for Distributed Architectures (Paperback) -
The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks (Paperback)$1,758$1,665 -
$403物聯網安全實戰 -
Frontend Development Projects with Vue.js 3 : Learn the fundamentals of building scalable web applications and dynamic user interfaces, 2/e (Paperback)$2,030$1,929
相關主題
商品描述
Threat modeling is one of the most essential--and most misunderstood--parts of the development lifecycle. Whether you're a security practitioner or application developer, this book will help you gain a better understanding of core concepts and how to apply them to your practice to protect your systems from threats.
Authors Izar Tarandach and Matthew Coles walk you through the myriad ways to approach and execute threat modeling. Contrary to popular belief, the process takes neither incredibly advanced security knowledge nor an unmanageable amount of effort. But it's critical for spotting and addressing potential concerns in a cost-effective way before the code's written and it's too late to find a solution.
- Find out why threat modeling is important and how it can make you and your team better, more well-rounded architects and developers
- Learn the most effective ways to integrate threat modeling into your development lifecycle
- Use the results of a threat modeling exercise on other aspects of the system lifecycle
商品描述(中文翻譯)
威脅建模是開發生命週期中最重要且最容易被誤解的部分之一。無論您是安全專業人員還是應用程式開發者,本書將幫助您更好地理解核心概念,以及如何將這些概念應用於實踐中,以保護您的系統免受威脅。
作者 Izar Tarandach 和 Matthew Coles 將引導您了解多種威脅建模的方法和執行方式。與普遍認知相反,這個過程既不需要極其高深的安全知識,也不需要無法管理的努力。但在編寫代碼之前,及時發現和解決潛在問題是至關重要的,這樣才能以具成本效益的方式找到解決方案,而不至於為時已晚。
- 了解為什麼威脅建模很重要,以及它如何使您和您的團隊成為更優秀、更全面的架構師和開發者
- 學習將威脅建模有效整合到您的開發生命週期中的最佳方法
- 將威脅建模練習的結果應用於系統生命週期的其他方面
作者簡介
Izar Tarandach is Lead Product Security Architect at Autodesk, Inc. Prior to this, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, and before that he was a Security Consultant at the EMC Product Security Office. He is a core contributor to SAFECode and a founding contributor to the IEEE Center for Security Design. He holds a master's degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.
Matthew Coles is the product security leader at Bose Corporation, where he leverages over 15 years of product security and systems engineering experience to enable teams to build security into the products and personalized experiences Bose delivers to customers worldwide. Prior to that he was lead product security architect for analog devices, and consulting product security architect at EMC. He has been a technical contributor to community standard initiatives such as ISO 27034, CVSS version 3, and the CWE/SANS Top 25 project. He holds a master's in computer science from Worcester Polytechnic Institute, and has previously served as an instructor in software security practices at Northeastern University.
作者簡介(中文翻譯)
Izar Tarandach 是 Autodesk, Inc. 的首席產品安全架構師。在此之前,他曾擔任 Dell EMC 的企業混合雲安全架構師,並在此之前是 EMC 產品安全辦公室的安全顧問。他是 SAFECode 的核心貢獻者,也是 IEEE 安全設計中心的創始貢獻者。他擁有波士頓大學的計算機科學/安全碩士學位,並曾在波士頓大學教授數位取證課程,以及在俄勒岡大學教授安全開發課程。
**Matthew Coles** 是 Bose Corporation 的產品安全負責人,他利用超過 15 年的產品安全和系統工程經驗,幫助團隊將安全性融入 Bose 提供給全球客戶的產品和個性化體驗中。在此之前,他曾擔任類比設備的首席產品安全架構師,以及 EMC 的顧問產品安全架構師。他曾是 ISO 27034、CVSS 版本 3 和 CWE/SANS 前 25 名項目等社區標準倡議的技術貢獻者。他擁有伍斯特理工學院的計算機科學碩士學位,並曾在東北大學教授軟體安全實踐課程。
