January 2023
Intermediate to advanced
214 pages
3h 43m
Chinese
Content preview from 威胁建模:安全设计中的风险识别和规避
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
系统建模 | 39
外部实体是标准形状。至少,外部实体为从远程进程或机制进入系统的数据流
提供了一个来源。外部实体的例子通常包括用于访问 Web 服务器或类似服务的
Web 浏览器,但也可能包括任何类型的组件或处理单元。
图 1-3:用于绘制数据流图的外部实体符号
行为者(Actor)(参见图 1-4)主要代表系统的人类用户,是与系统提供的接口
有连接的标准形状 [ 直接连接,或通过一个中间的外部实体(如 Web 浏览器)
连接 ],通常用于绘图的上下文层。
图 1-4:用于绘制数据流图的行为者符号
如图 1-5 所示,数据存储(Data store)符号是一种代表一个功能单元的标准形
状,该功能单元指示“大容量”数据保存在何处,例如数据库(但不总是数据
库服务器)。你还可以使用数据存储符号来指示包含少量与安全性相关的数据的
文件或缓冲区,例如,包含 Web 服务器 TLS 证书的私钥的文件
注 7
,或用于对象
数据存储 [ 例如 Amazon Simple Storage Service(S3)存储桶 ] 存放应用程序的
日志文件输出。数据存储符号也可以表示消息总线或共享内存区域。
1
图 1-5:用于绘制数据流图的数据存储符号
数据存储应该被标记并有如下的元数据。
存储类型
这是一个文件、S3 存储桶、服务网格还是一个共享内存区域 ?
注 7: 在 Apache Tomcat 中使用这种机制。
40 | 第
1
章
所持有数据的类型和分类
发送到该模块的数据或从该模块读取的数据是结构化的还是非结构化的?
是否采用任何特定格式,例如, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.