0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Threat Modeling Gameplay with EoP

You're reading from Threat Modeling Gameplay with EoP A reference manual for spotting threats in software architecture

Product type Paperback

Published in Aug 2024

Publisher Packt

ISBN-13 9781804618974

Length 256 pages

Edition 1st Edition

Concepts

Software Architecture

Author (1):

Brett Crawley

View More author details

Table of Contents (18) Chapters

Preface

1. Chapter 1: Game Play

2. Chapter 2: Spoofing FREE CHAPTER

3. Chapter 3: Tampering

4. Chapter 4: Repudiation

5. Chapter 5: Information Disclosure

6. Chapter 6: Denial of Service

7. Chapter 7: Elevation of Privilege

8. Chapter 8: Privacy

9. Chapter 9: Transfer

10. Chapter 10: Retention/Removal

11. Chapter 11: Inference

12. Chapter 12: Minimization

13. Glossary

14. Further Reading

Games

15. Licenses for third party content

CWE:

16. Index

Why subscribe?

17. Other Books You May Enjoy

4. of Repudiation

An attacker can alter digital signatures because the digital signature system you’re implementing is weak or uses MACs where it should use a signature.

Threat
	Your system uses shared keys to generate message authentication codes (MACs). These shared keys mean that both the sender and the receiver have the same key and, therefore, you cannot rely on this as a means to identify the source of the message. This poses a number of issues. As both you (the sender) and the receiver need the key, you will need a secure channel on which to share the key. You will also need to have a key for every recipient of the message and create a separate signature for each of them.
CAPEC	CAPEC-151 - Identity Spoofing CAPEC-195 - Principal Spoof CAPEC-194 - Fake the Source of Data
...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Brett Crawley

Brett Crawley

Brett Crawley is a principal application security engineer, (ISC2) CISSP, CSSLP, and CCSP certified, the project lead on the OWASP Application Security Awareness Campaigns project, and the author of the OSTERING blog on security. He has published a Miro template for threat modeling with the Elevation of Privilege card game and also published the CAPEC S.T.R.I.D.E. mapping mind maps and other resources. With over 10 years of application security experience and over 25 years of software engineering experience, he works with teams to define their security best practices and introduce security by design into their existing SDLC, and as part of this initiative, he trains teams in threat modeling because good design is of key importance. He is also an advocate for using a data-driven approach to AppSec, to help identify the business-critical components, thereby optimizing the reduction of risk to the organization.

See other products by Brett Crawley

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m