Threat Modeling by Adam Shostack - Free Chapter Included

Threat Modeling is an explanatory book by Adam Shostack that teaches the various methods for threat modeling successfully. We sat down with him to talk about his book, and he gave us a sneak preview of the first chapter.

Back in 2014, Adam Shostack – a program manager and security developer for Microsoft – published a book on threat modeling. His book, which is available in Kindle and paperback, explains how to optimize network security for software developers, security managers, and security professionals.

We sat down with him to talk about his book and the significance of threat modeling.

vpnMentor: What made you write Threat Modeling?

Shostack: I wrote Threat Modeling because threat modeling is at the core of my security career. I have watched so many people struggle to create threat models, even mediocre ones, and I figured there was a better way to teach it. We security folks learn by doing, by action, by apprenticeship, but a lot of what we're taught to do goes untested.

When threat modeling, should you focus on assets? No, it's a trap. What about focusing on thinking like an attacker? Also a trap. The system catches normal, well-meaning engineers trying to do the right thing, but they aren't successful. It got to the point where even speaking with these engineers for an hour about what to do and what not to do wasn't sufficient, so I decided to write a book about it.

vpnMentor: What new knowledge did you gain while writing this book?

Shostack: The biggest thing I learned in writing the book was just how big threat modeling is. There are ways to think about what you're working on, what can go wrong, what to do about it, or if you did a good job.

Writing a book on threat modeling is like writing a book on all of programming. In programming, there are languages, like Perl or Haskell or even Excel, and there are methods to do it, from copying and pasting to StackOverflow to very formal engineering approaches. There are stages from concept to implementation, to testing and deployment. I had to fit all that into one book! But at the core of threat modeling are four questions:

(1) What are we working on?

(2) What can go wrong?

(3) What are we going to do about it?

(4) Did we do a good job?

I hope sharing these focus points will help others successfully threat model.

Threat Modeling: Designing for Security is available for purchase on Amazon. Click on the link below to read the first chapter. 

Click here to read a chapter from Adam's book!

About the Author

Sarit is an experienced internet security writer who believes everyone has the right to online privacy.
