May 2017
Beginner
320 pages
6h 47m
English
Content preview from Hacking the Hacker
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
39Threat Modeling
Threat modeling is the process at looking at all the significant and likely potential threats to a scoped scenario, ranking their potential damage in a given time period, and figuring cost‐effective mitigations to defeat the highest‐priority threats. Threat modeling is used in all sorts of industries and in our particular case planning computer security defenses. Threat modeling is used in the security development lifecycle (SDL) efforts when programming and reviewing software and across computer devices and infrastructure. Only by using threat modeling can a defender quantify threats, risks, and mitigations, and compare the implemented plan against the reality of what occurs.
Why Threat Model?
Threat modeling reduces risk. At the very least it allows one or more people to consider the various threats and risks in a scenario. It allows multiple threats to be weighed against each other, mitigations to be developed and evaluated, and, hopefully, cost‐effective, useful mitigations to be deployed. We know for sure that, over the long run, software programmed using threat modeling consideration has fewer bugs and vulnerabilities than software that is not threat modeled. If software is being threat modeled for the first time, modelers may discover more bugs and vulnerabilities than in a prior period, and that increased number of vulnerabilities may continue for some period of time, but eventually the number of newly discovered bugs and vulnerability should fall. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.