Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Threat Modeling Gameplay with EoP

You're reading from   Threat Modeling Gameplay with EoP A reference manual for spotting threats in software architecture

Arrow left icon
Product type Paperback
Published in Aug 2024
Publisher Packt
ISBN-13 9781804618974
Length 256 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Brett Crawley Brett Crawley
Author Profile Icon Brett Crawley
Brett Crawley
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Chapter 1: Game Play 2. Chapter 2: Spoofing FREE CHAPTER 3. Chapter 3: Tampering 4. Chapter 4: Repudiation 5. Chapter 5: Information Disclosure 6. Chapter 6: Denial of Service 7. Chapter 7: Elevation of Privilege 8. Chapter 8: Privacy 9. Chapter 9: Transfer 10. Chapter 10: Retention/Removal 11. Chapter 11: Inference 12. Chapter 12: Minimization 13. Glossary
14. Further Reading 15. Licenses for third party content 16. Index 17. Other Books You May Enjoy

Summary

You’ve now covered the threat types described on the cards from the Information Disclosure suit in the Elevation of Privilege card deck with the addition of two cards from the T.R.I.M. extension for the game. These threats detailed flaws relating to brute forcing, reconnaissance, missing cryptography both in transit and at rest, being too descriptive in messages, social engineering, file permissions, and access control.

You should now understand why sensitive data should be encrypted wherever possible, how sharing too much information (no matter how innocuous it may seem) can be harmful, and why you should always set the strongest permissions by default and then relax them as needed. Having a greater awareness of the threats in this category and having discussed how to mitigate them, be confident that you are making it as difficult as possible for your adversary to get at the data.

In the next chapter, we will cover the fifth S.T.R.I.D.E. category of threats or...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime