
Jolt Awards: The Best Books

September 23, 2014. The best books of the past 12 months.

Jolt Finalist: Threat Modeling

by Adam Shostack

It has become all too common to read news about specific software being vulnerable to serious security threats. Considering that most modern software runs on Internet-connected devices, we must become more aware of modern security threats and design our software to protect against specific potential threats.

In this book, the author focuses on modeling software projects to address or mitigate potential threats. You don't need much security expertise to read the book and the first two chapters provide easy-to-understand, real-life examples to introduce the threat modeling approach. By this means, you begin to find security bugs early and understand your security requirements. The author uses diagrams, tables, and easy-to-understand examples to explain modern threats that you should be able to identify, then describes the different possible ways to either mitigate or eliminate them.

The book also discusses the different ways of modeling software to address threats, as well as techniques and tools to find those threats. Once you've read the first two chapters, you can focus on the threats that are most important for your security needs, and read the techniques and tools for those in particular.

The author also discusses how to manage and address threats, with an interesting focus on evaluating and making risk tradeoffs. Illustrative experiences in threat modeling in specific technologies are also provided, with great coverage of threat modeling in modern Web, cloud, and mobile applications and a cookbook approach that you can use as a baseline for your security requirements analysis. The last part of the book presents interesting ideas to introduce threat modeling as part of your software development projects. Unfortunately, the author has chosen to focus on modeling and didn't include code samples in the book. Code samples would have been very useful to make the subject clearer for developers who must imagine in their own lines of code how some of the attacks are performed.

In the U.S., modeling is still viewed with a certain amount of resistance, although it is widely accepted in Europe and elsewhere. Security vulnerabilities might well be the medium by which modeling demonstrates its value to U.S. business developers and hobbyists. If so, Threat Modeling is likely to be a key part of the dialog, illuminating both the technique and the way it seals off holes into which crackers can place crowbars. Overall, this is an excellent volume that should be examined by most developers concerned with issues of security.

— Gastón Hillar
