LIST OF TABLES
| 1.1 | Correlating Environmental Factors to Attack Motives – SAMPLE |
| 1.2 | Correlating Motives to Application Threat Vectors |
| 1.3 | Recommended Frequency for Environmental Threat Factor Analysis |
| 1.4 | Key Reasons App_Sec Fails Today |
| 1.5 | Threat Modeling Benefits for Various Roles |
| 1.6 | Threat Model Stack |
| 1.7 | Taxonomy of Attack Terms |
| 1.8 | Tools for Testing |
| 1.9 | Elements of Risk – Generic Listing of Key Risk Components |
| 2.1 | Application Security Roles, Responsibilities, and Benefits |
| 2.2 | Example of Threats and the Technical and Business Impacts |
| 2.3 | Criteria for Threat Modeling Scope |
| 2.4 | Criteria for Application Threat Modeling Updates |
| 2.5 | Mapping of Threats to Vulnerabilities |
| 3.1 | Example of Mapping Threat Modeling Efforts to Security Processes |
| 3.2 | Security Experience Meets Threat Modeling |
| 3.3 | Factors Affecting Time Requirements for Threat Modeling |
| 3.4 | DFD Symbols (Microsoft ACE Team) (59) |
| 3.5 | Traditional Network-Based Denial of Service Attacks |
| 3.6 | STRIDE Threat Categorization Table (60) |
| 3.7 | Example of STRIDE Classification Model |
| 3.8 | Threat Rating Table Example |
| 3.9 | Sample Risk Rating Exercise Using DREAD |
| 3.10 | DREAD Risk Rating Applied to Sample Threat |
| 3.11 | Security Objectives in support of Business Objectives |
| 3.12 | Application Decomposition for Mobile J2ME App |
| 3.13 | MITRE's Security Content |
| 5.1 | Example of Assignment of Risks Of A Threat Event based upon probability of the event and impact on the asset |
| 6.1 | Enterprise Process Mapping to PASTA Threat Modeling ... |
Get Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
