Threat Modeling by Adam Shostack - Free Chapter Included
Threat Modeling is an explanatory book by Adam Shostack that teaches the various methods and ways to successfully threat model. We sat with him to talk about his book and he gave a sneak preview to the first chapter. Share
Back in 2014, Adam Shostack – a program manager and security developer for Microsoft – published a book on threat modeling. His book, which is available in Kindle and paperback, explains how to optimize network security for software developers, security managers, and security professionals.
We sat down with him to talk about his book and the significance of threat modeling.
vpnMentor: What made you write Threat Modeling?
Shostack: I wrote Threat Modeling because threat modeling is at the core of my security career. I have watched so many people struggle to create threat models, even mediocre ones, and I figured there was a better way to teach it. We security folks learn by doing, by action, by apprenticeship, but a lot of what we're taught to do goes untested.
When threat modeling, should you focus on assets? No, it's a trap. What about focusing on thinking like an attacker? Also a trap. The system catches normal, well-meaning engineers trying to do the right thing, but they aren't successful. It got to the point where even speaking with these engineers for an hour about what to do and what not to do wasn't sufficient, so I decided to write a book about it.
vpnMentor: What new knowledge did you gain while writing this book?
The biggest thing I learned in writing the book was just how big threat modeling is. There are ways to think about what you're working on, what can go wrong, what to do about it, or if you did a good job.
Writing a book on threat modeling is like writing a book on all of programming. In programming, there are languages, like Perl or Haskel or even Excel, and there are methods to do it, from copying and pasting to StackOverflow to very formal engineering approaches. There are stages from concept to implementation, to testing and deployment. I had to fit all that into one book! But at the core of threat modeling are four questions:
(1) What are we working on?
(2) What can go wrong?
(3) What are we going to do about it?
(4) Did we do a good job?
I hope sharing these focus points will help others successfully threat model.
Threat Modeling: Designing for Security is available for purchase on Amazon. Click on the link below to read the first chapter.