Jolt Awards: The Best Books, September 23, 2014 The best books of the past 12 months.
Jolt Finalist: Threat Modeling
by Adam Shostack
It has become all too usual to read news about specific software being vulnerable to serious security threats. Considering that most modern software usually runs on Internet-connected devices, we must become more aware of modern security threats and design our software to protect it against specific potential threats.
In this book, the author focuses on modeling software projects to address or mitigate potential threats. You don't need much security expertise to read the book and the first two chapters provide easy-to-understand, real-life examples to introduce the threat modeling approach. By this means, you begin to find security bugs early and understand your security requirements. The author uses diagrams, tables, and easy-to-understand examples to explain modern threats that you should be able to identify, then describes the different possible ways to either mitigate or eliminate them.
The book also discusses the different ways of modeling software to address threats, as well as techniques and tools to find those threats. Once you've read the first two chapters, you can focus on the threats that are most important for your security needs, and read the techniques and tools for those in particular.
The author also discusses how to manage and address threats, with an interesting focus on evaluating and making risk tradeoffs. Illustrative experiences in threat modeling in specific technologies are also provided, with great coverage of threat modeling in modern Web, cloud, and mobile applications and a cookbook approach that you can use as a baseline for your security requirements analysis. The last part of the book presents interesting ideas to introduce threat modeling as part of your software development projects. Unluckily, the author has chosen to focus on modeling and didn't include code samples in the book. Code samples would have been very useful to make the subject clearer for developers who must imagine in their own lines of code how some of the attacks are performed.
In the U.S., modeling is still viewed with a certain amount of resistance, although it is widely accepted in Europe and elsewhere. Security vulnerabilities might well be the medium by which modeling demonstrates its value to U.S. business developers and hobbyists. If so, Threat Modeling is likely to be a key part of the dialog, illuminating both the technique and the way it seal off holes into which crackers can place crowbars. Overall, this is an excellent volume that should be examined by most developers concerned with issues of security.