0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Threat Modeling Gameplay with EoP

You're reading from Threat Modeling Gameplay with EoP A reference manual for spotting threats in software architecture

Product type Paperback

Published in Aug 2024

Publisher Packt

ISBN-13 9781804618974

Length 256 pages

Edition 1st Edition

Concepts

Software Architecture

Author (1):

Brett Crawley

View More author details

Table of Contents (18) Chapters

Preface

1. Chapter 1: Game Play

2. Chapter 2: Spoofing FREE CHAPTER

3. Chapter 3: Tampering

4. Chapter 4: Repudiation

5. Chapter 5: Information Disclosure

6. Chapter 6: Denial of Service

7. Chapter 7: Elevation of Privilege

8. Chapter 8: Privacy

9. Chapter 9: Transfer

10. Chapter 10: Retention/Removal

11. Chapter 11: Inference

12. Chapter 12: Minimization

13. Glossary

14. Further Reading

Games

15. Licenses for third party content

CWE:

16. Index

Why subscribe?

17. Other Books You May Enjoy

Queen of Spoofing II

An attacker could go after the way credentials are updated or recovered (account recovery doesn’t require disclosing the old password).

Threat
	Unless an email is sent using Transport Layer Security (TLS), an attacker could request a reset password and intercept the email containing a link to reset the password.
CAPEC	CAPEC-50 - Password Recovery Exploitation
ASVS	2.1.6 - Ensure both the new and current password are required to change the password 2.2.3 - Ensure notifications are sent for password changes 2.7.2 - Ensure verifiers have short TTLs (time to live) 2.7.3 - Ensure verifiers are Single Use 2.7.4 - Ensure verifiers communicated over a secure channel
CWE	CWE...

You have been reading a chapter from

Threat Modeling Gameplay with EoP

Published in: Aug 2024

Publisher: Packt

ISBN-13: 9781804618974

© 2024 Packt Publishing Limited All Rights Reserved

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at £16.99/month. Cancel anytime

Authors (1)

Brett Crawley

Brett Crawley

Brett Crawley is a principal application security engineer, (ISC2) CISSP, CSSLP, and CCSP certified, the project lead on the OWASP Application Security Awareness Campaigns project, and the author of the OSTERING blog on security. He has published a Miro template for threat modeling with the Elevation of Privilege card game and also published the CAPEC S.T.R.I.D.E. mapping mind maps and other resources. With over 10 years of application security experience and over 25 years of software engineering experience, he works with teams to define their security best practices and introduce security by design into their existing SDLC, and as part of this initiative, he trains teams in threat modeling because good design is of key importance. He is also an advocate for using a data-driven approach to AppSec, to help identify the business-critical components, thereby optimizing the reduction of risk to the organization.

See other products by Brett Crawley

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m