Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Threat Modeling Gameplay with EoP

You're reading from   Threat Modeling Gameplay with EoP A reference manual for spotting threats in software architecture

Arrow left icon
Product type Paperback
Published in Aug 2024
Publisher Packt
ISBN-13 9781804618974
Length 256 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Brett Crawley Brett Crawley
Author Profile Icon Brett Crawley
Brett Crawley
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Chapter 1: Game Play 2. Chapter 2: Spoofing FREE CHAPTER 3. Chapter 3: Tampering 4. Chapter 4: Repudiation 5. Chapter 5: Information Disclosure 6. Chapter 6: Denial of Service 7. Chapter 7: Elevation of Privilege 8. Chapter 8: Privacy 9. Chapter 9: Transfer 10. Chapter 10: Retention/Removal 11. Chapter 11: Inference 12. Chapter 12: Minimization 13. Glossary
14. Further Reading 15. Licenses for third party content 16. Index 17. Other Books You May Enjoy

Preface

I guess you could call this book the missing manual for Elevation of Privilege (EoP). It explains how to play the game and is a reference guide, with example threats for the cards in the EoP card game, enabling threat modeling beginners to better understand what they might look for in their design.

Using Elevation of Privilege cards with the example threats in this book, you will discover the threats that could affect your software design through gameplay.

Each chapter covers a suit in the Elevation of Privilege card deck (a threat category), and for each card, example threats, references, and suggested mitigations are given. You’ll cover the STRIDE with Privacy deck and the TRIM extension pack. STRIDE is a methodology for threat modeling and stands for Spoofing, Tampering, Repudiation, Information Disclosure and Elevation of Privilege, while TRIM is a framework for privacy and stands for Transfer, Retention/Removal, Inference, and Minimization. You’ll learn what these terms refer to and how they should be applied.

You’ll be able to recognize threats, understand privacy regulations, use the in-line references provided in the chapters to find out more, and learn what techniques you can use to protect against these threats and minimize your risk. Each threat is not necessarily one you will find in your design but is included to help you understand and consider what similar threats there could be in your design.

lock icon The rest of the chapter is locked
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime