Threat Modeling

Threat Modeling
Published:June 16, 2004Language:English
Author:Frank Swiderski and Window SnyderTechnology:Security
Length:288 PagesISBN 13:9780735619913

List Price:

$ 34.99
About The BookGet expert advice on using threat modeling to analyze and improve system security

In this straightforward and practical guide, Microsoft application security specialists Frank Swiderski and Window Snyder describe the concepts and goals for threat modeling—a structured approach for identifying, evaluating, and mitigating risks to system security. Discover how to use the threat modeling methodology to analyze your system from the adversary’s point of view—creating a set of data points that help drive security specifications and testing. You’ll review application scenarios that illustrate threat modeling concepts in action, understanding how to use threat modeling to help improve the built-in security of a system—as well as your customer's confidence in the security of that system—regardless of development environment.

Gain an in-depth, conceptual understanding—along with practical ways to integrate threat modeling into your development efforts:

  • Help anticipate attacks by seeing how adversaries assess your system—and compare their view to the developer’s or architect’s view

  • Employ a data flow approach to create a threat profile for a system

  • Reveal vulnerabilities in system architecture and implementation using investigative techniques such as threat trees and threat model-directed code reviews

  • Develop a credible security characterization for modeling threats

  • Use threat modeling to help verify security features and increase the resilience of software systems

  • Increase customer confidence in your products!
  • About Frank Swiderski and Window SnyderFrank Swiderski is a Software Security Engineer at Microsoft and is responsible for helping Microsoft product teams evaluate the impact of threats to their product or component. He has specialized in application security for several years, including serving as a managing security architect for @stake, a leading digital security consulting firm.

    Window Snyder is a program manager for the Microsoft Secure Windows Initiative Team. She is the former director of Security Architecture for @stake, and has dedicated eight years to the security industry as a consultant and as a software engineer.
    Looking for training resources, events and advice from peers? Join the Microsoft Training and Certification Community. Preparing for an exam now? Find your Microsoft Certification Study Group. Talk to us on these social networks:
    What do you think of this book? Your feedback is important in helping us create books that serve your needs and meet your expectations.Please take our survey at

    Note: You will need this book's 13-digit International Standard Book Number (ISBN) to take the survey.The ISBN 13 can be found above.
    To report or search for corrections in this book or its companion content,
    search for the title in our online store and then check the Errata & Updates tab. To report errors, please go to our Submit errata page.