THREAT MODELING: Designing for Security

Chapter 13: Web and Cloud Threats

Adam Shostack is responsible for security development lifecycle (SDL) threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. With specific actionable advice, he details how to build better security into the design of software from the outset.

You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Software developers will appreciate the jargon-free and accessible introduction to this essential skill. Security professionals will learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.

This downloadable chapter (Chapter 13) discusses "Web and Cloud Threats" in particular. Chris Wysopal, Veracode's co-founder and CTO, is the Technical Editor for this book.

What will you learn?

In this excerpt of Threat Modeling: Designing for Security, you will learn how to:

  • Threat model web, cloud, cloud provider and mobile threats

  • Address compliance and legal threats in the cloud

  • Model recurring threat classes that are best managed with safer languages and test frameworks that focus on those classes, such as XSS and SQL injection