Preface
Welcome to our practical guide to real-world threat modeling. This book is the result of 10 years of research, development, and practice in threat modeling and in secure systems design over the course of our respective careers. We worked hard to make sure the content is well supported, not only by our own observation, but also by the experiences of our colleagues and associates in the application security community.
While we have tried to present a collection of methods and techniques that are current and forward-looking, we know that changes will outpace the book over the coming months and years. Threat modeling is ever evolving. At the time of this writing (in 2020), close to two dozen distinct approaches to performing security modeling and analysis are available. Active forums within security-focused organizations and development communities worldwide are inventing new techniques or updating existing ones all the time. With this in mind, our goal with this book is to provide you information that is both actionable and accessible, with enough theory and guidance for you to reach your own conclusions and to adapt these techniques for your team and your systems.
Why We Wrote This Book
There’s a perception that you have to be part of the exclusive club of security experts to perform threat modeling. But it shouldn’t be that way. It should be a function and discipline of development. So our ultimate goal in this book is to change the perception of threat modeling so it ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access