{"id":3103,"date":"2005-07-07T14:10:00","date_gmt":"2005-07-07T14:10:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/heaths\/2005\/07\/07\/book-review-threat-modeling\/"},"modified":"2005-07-07T14:10:00","modified_gmt":"2005-07-07T14:10:00","slug":"book-review-threat-modeling","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/setup\/book-review-threat-modeling\/","title":{"rendered":"Book Review: Threat Modeling"},"content":{"rendered":"<p><em><a href=\"http:\/\/www.microsoft.com\/mspress\/books\/6892.asp\">Threat Modeling<\/a><\/em> by our own Frank Swiderski and Window Snyder is one of those books you should read. Threat modeling may not be new, but if you&#8217;re new to threat modeling you should pick up this book.<\/p>\n<p>Threat modeling is about understanding threats to your application or feature and deciding how to mitigate those threats so that you aren&#8217;t left with vulnerabilities. This book is designed to help program managers, developers, and testers alike throughout the development lifecycle to construct and maintain threat models. Frank even wrote a tool, <a href=\"http:\/\/www.microsoft.com\/downloads\/details.aspx?FamilyID=62830f95-0e61-4f87-88a6-e7c663444ac1\">available<\/a> from the Microsoft Download Center, to help ease the process of maintaining the threat model document; it uses a simple tree view and allows you to associate nodes, like assigning roles to threats.<\/p>\n<p>The book is short at only 169 pages, but it could be shorter. My biggest complaint with this book is that it&#8217;s incredibly redundant. The first two chapters are spent discussing why threat modeling is important. It is a valid point, as many people may be wondering why threat modeling is important or even what it is. 
Two chapters may be a little extensive, though, and constantly repeat the same ideas.<\/p>\n<p>Page 13 of the introduction does make a statement that might help in avoiding much of this redundancy:<\/p>\n<blockquote>\n<p>Development team members who want to skim this book for an overview should look at Chapter 2, which describes the overall threat modeling process. Chapters 3 and 5 will also be valuable to those looking for shortcuts because they describe entry points, assets, and the threat profile. Chapter 4 describes bounding the threat modeling discussion. The rest of the chapters, which flesh out the threat modeling process, will be most important for a project&#8217;s security process manager.<\/p>\n<\/blockquote>\n<p>I, of course, read the whole thing. So, some redundancy is warranted, since this book itself implies that it is a sort of reference book. But even consecutive sections within the aforementioned chapters repeat the same statements. There is a difference between driving a point home and driving your reader crazy.<\/p>\n<p>I would also suggest that &#8211; if you are going to use the book as a reference &#8211; you take a look at Part 4 &#8211; appendices A, B, and C &#8211; which are entire threat model documents for the three example features used throughout the book.<\/p>\n<p>This is a good book for anyone in software design and development who wants to understand how to write secure software. Every entry and exit point is a threat, and unmitigated threats are vulnerabilities. 
Feature- and program-level threat modeling can help to mitigate those threats by identifying use cases and non-use cases for those entry points, roles accessing those entry points, threats associated with those entry points using the STRIDE classification (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege), the risk a threat poses using a DREAD rank (Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability), and internal and external notes about the threats. The book also points out that a threat model document is a living document, meaning that it should be kept current as the design of the feature or program changes.<\/p>\n<p>This is a good companion book to <em><a href=\"http:\/\/www.microsoft.com\/MSPress\/books\/6822.asp\">Code Complete, Second Edition<\/a><\/em> and <em><a href=\"http:\/\/www.microsoft.com\/MSPress\/books\/5957.asp\">Writing Secure Code, Second Edition<\/a><\/em>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat Modeling by our own Frank Swiderski and Window Snyder is one of those books you should read. Threat modeling may not be new, but if you&#8217;re new to threat modeling you should pick up this book. Threat modeling is about understanding threats to your application or feature and deciding how to mitigate those threats [&hellip;]<\/p>\n","protected":false},"author":389,"featured_media":3843,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[32],"class_list":["post-3103","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-reviews"],"acf":[],"blog_post_summary":"<p>Threat Modeling by our own Frank Swiderski and Window Snyder is one of those books you should read. Threat modeling may not be new, but if you&#8217;re new to threat modeling you should pick up this book. 
Threat modeling is about understanding threats to your application or feature and deciding how to mitigate those threats [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/posts\/3103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/users\/389"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/comments?post=3103"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/posts\/3103\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/media\/3843"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/media?parent=3103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/categories?post=3103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/setup\/wp-json\/wp\/v2\/tags?post=3103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}