Enjoy fast, free delivery, exclusive deals, and award-winning movies & TV shows with Prime
Try Prime and start saving today with fast, free delivery

Kindle
$52.00

Available instantly

Paperback
$34.02 - $49.35

$49.35 with 24 percent savings

List Price: $65.00

FREE Returns

FREE delivery Wednesday, July 24. Order within 10 hrs 57 mins

Select delivery location

In Stock

$$49.35 () Includes selected options. Includes initial monthly payment and selected options. Details

Ships from

Amazon

Ships from

Amazon

Sold by

Apex_media🍏

Sold by

Apex_media🍏

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

This item can be returned in its original condition for a full refund or replacement within 30 days of receipt.

Read full return policy

Payment

Secure transaction

Payment

Secure transaction

We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more

Details

Add a gift receipt for easy returns

$34.02

May have some shelf-wear due to normal use. Your purchase funds free job training and education in the greater Seattle area. Thank you for supporting Goodwill's nonprofit mission! May have some shelf-wear due to normal use. Your purchase funds free job training and education in the greater Seattle area. Thank you for supporting Goodwill's nonprofit mission! See less

$3.99 delivery Tuesday, July 30. Details

Select delivery location

Only 1 left in stock - order soon.

$$49.35 () Includes selected options. Includes initial monthly payment and selected options. Details

Access codes and supplements are not guaranteed with used items.

Enhancements you chose aren't available for this seller. Details

${cardName} not available for the seller you chose

${cardName} unavailable for quantities greater than ${maxQuantity}.

Ships from and sold by Seattlegoodwill.

Other sellers on Amazon

New & Used (34) from $34.02 + $3.99 shipping

Image Unavailable

Image not available for
Color:

To view this video download Flash Player

Follow the author

Adam Shostack

Follow

Threat Modeling: Designing for Security 1st Edition

by Adam Shostack (Author)

4.5 323 ratings

See all formats and editions

{"desktop_buybox_group_1":[{"displayPrice":"$49.35","priceAmount":49.35,"currencySymbol":"$","integerValue":"49","decimalSeparator":".","fractionalValue":"35","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"TSsYYUh6wpTQulsNbjfWIhq8uu%2Fs%2BWxxWhgL%2F6W4%2FMnBx4Z1Z2KOP%2BhG6Hw2fvwxBK7UOASJQK0RReLvrgMe%2F3WpZxK3sFNquyHiQXSNw%2FGnjYg7VLwpzzBqsDhGfMubAUjgNr0ZAnkPZfZ2s2I%2FMHP9ECM3y%2BwDvhRMlYqt5IVaJIcy7wBddw%3D%3D","locale":"en-US","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}, {"displayPrice":"$34.02","priceAmount":34.02,"currencySymbol":"$","integerValue":"34","decimalSeparator":".","fractionalValue":"02","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"TSsYYUh6wpTQulsNbjfWIhq8uu%2Fs%2BWxxGlMXJK3oSbkQ2CCBSjqXz6EN6w%2Fh%2B0rpO3h9JZbS9didP60Xi8NQhvRDhkCkOlDucUJyOO4ca5OAdV7WzNH%2FkW3Om4LTPljtWZo8NMGvaN%2BrCwprrGOMOvxVtyAQLccrufOTCi%2FcLkUwRTOFsCNxlKnc%2FdbNXWqU","locale":"en-US","buyingOptionType":"USED","aapiBuyingOptionIndex":1}]}

Purchase options and add-ons

The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!

Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.

Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.

Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
Offers actionable how-to advice not tied to any specific software, operating system, or programming language
Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world

As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

ISBN-10

1118809998
ISBN-13

978-1118809990
Edition

1st
Publisher

Wiley
Publication date

February 17, 2014
Language

English
Dimensions

7.3 x 1.4 x 9.2 inches
Print length

624 pages
See all details

Frequently bought together

$49.35

Get it as soon as Wednesday, Jul 24

In Stock

Sold by Apex_media🍏 and ships from Amazon Fulfillment.

+

Threat Modeling: A Practical Guide for Development Teams

$35.99

Get it as soon as Tuesday, Jul 23

Only 9 left in stock (more on the way).

Ships from and sold by Amazon.com.

+

Threats: What Every Engineer Should Learn From Star Wars

$18.42

Get it as soon as Wednesday, Jul 24

In Stock

Ships from and sold by Amazon.com.

Total price:

To see our price, add these items to your cart.

Try again!

Details

Added to Cart

Some of these items ship sooner than the others.

Show details Hide details

Choose items to buy together.

Izar Tarandach
51
Paperback
33 offers from $35.98
Corey J. Ball
255
Paperback
55 offers from $29.55
Douglas W. Hubbard
54
Hardcover
38 offers from $36.42
Nicholas Sherwood
92
Paperback
17 offers from $54.84
Tanya Janca
193
Paperback
62 offers from $16.35
Michael Sikorski
566
Paperback
50 offers from $23.59

Editorial Reviews

From the Inside Flap

use threat modeling to enhance software security

If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and in the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems from the very beginning.

Find and fix security issues before they hurt you or your customers
Learn to use practical and actionable tools, techniques, and approaches for software developers, IT professionals, and security enthusiasts
Explore the nuances of software-centric threat modeling and discover its application to software and systems during the build phase and beyond
Apply threat modeling to improve security when managing complex systems
Manage potential threats using a structured, methodical framework
Discover and discern evolving security threats
Use specific, actionable advice regardless of software type, operating system, or program approaches and techniques validated and proven to be effective at Microsoft and other top IT companies

From the Back Cover

use threat modeling to enhance software security

If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and in the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems from the very beginning.

Find and fix security issues before they hurt you or your customers
Learn to use practical and actionable tools, techniques, and approaches for software developers, IT professionals, and security enthusiasts
Explore the nuances of software-centric threat modeling and discover its application to software and systems during the build phase and beyond
Apply threat modeling to improve security when managing complex systems
Manage potential threats using a structured, methodical framework
Discover and discern evolving security threats
Use specific, actionable advice regardless of software type, operating system, or program approaches and techniques validated and proven to be effective at Microsoft and other top IT companies

Product details

Publisher ‏ : ‎ Wiley; 1st edition (February 17, 2014)
Language ‏ : ‎ English
Paperback ‏ : ‎ 624 pages
ISBN-10 ‏ : ‎ 1118809998
ISBN-13 ‏ : ‎ 978-1118809990
Item Weight ‏ : ‎ 2.53 pounds
Dimensions ‏ : ‎ 7.3 x 1.4 x 9.2 inches

Best Sellers Rank: #96,128 in Books (See Top 100 in Books)
- #64 in Computer Science (Books)
- #163 in Computer Security & Encryption (Books)
- #177 in Networking & Cloud Computing

Customer Reviews:
4.5 323 ratings

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Videos

Help others learn more about this product by uploading a video!

Upload your video

About the author

Follow authors to get new release updates, plus improved recommendations.

Adam Shostack

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Discover more of the author’s books, see similar authors, read author blogs and more

Customer reviews

4.5 out of 5

323 global ratings

How customer reviews and ratings work

Customers say

Customers find the book great for any experience level, with full definitions and good technical input. They also say it's a good textbook on threat modeling with anecdotes and examples. Readers also say the writing style is easy to read and understand.

AI-generated from the text of customer reviews

Select to learn more

Content Use of threat modeling Writing style

15 customers mention "Content"15 positive0 negative

Customers find the book's content great for any experience level, a great source of information, and a classic topic. They also appreciate the strategies, insights, and anecdotes. Readers also mention that the book is full of definitions and makes a good reference.

"...This book is a treasure trove of knowledge that’ll elevate your security game to the next level!" Read more

"...I was impressed that it had not only good technical input, anecdotes and examples but also a lot of infrastructure to build a new program...." Read more

"not exactly ground breaking but certainly a well written and presented book on the topic. Good to have on the reference shelf." Read more

"...about threat modeling, this book continues to serve as a great source of information...." Read more

12 customers mention "Use of threat modeling"12 positive0 negative

Customers find the book a good textbook on threat modeling. They say it provides a strong set of techniques and frameworks for breaking down and tackling threats.

"...It breaks down complex security concepts into understandable chunks, making it perfect for both beginners and experts...." Read more

"...Threat modeling increases assurance and offers a standard and structured way to answer "just how secure is this application or..." Read more

"...I was impressed that it had not only good technical input, anecdotes and examples but also a lot of infrastructure to build a new program...." Read more

"...This book attempts to be a complete and detailed history of threat modeling and what works...." Read more

5 customers mention "Writing style"5 positive0 negative

Customers find the writing style easy to read and understand. They also say the online training is well thought out and perfect for both beginners and experts.

"...concepts into understandable chunks, making it perfect for both beginners and experts...." Read more

"...Adam's examples are easy to follow and get the point across well...." Read more

"not exactly ground breaking but certainly a well written and presented book on the topic. Good to have on the reference shelf." Read more

"...The book is easy to read and understand. Highly recommend for every security professional." Read more

Sort reviews by

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

none ya

Unlock the Secrets to Bulletproof Security Design!

Reviewed in the United States on March 29, 2024

Verified Purchase

Just finished reading "Threat Modeling: Designing for Security," and it’s a must-have for anyone in the field! It breaks down complex security concepts into understandable chunks, making it perfect for both beginners and experts. The strategies and insights provided are invaluable for designing impenetrable systems. It’s like having a security expert guiding you through every step of the process. This book is a treasure trove of knowledge that’ll elevate your security game to the next level!

3 people found this helpful

Helpful

Court Graham

The Bible for Information Security Threat Modeling

Reviewed in the United States on December 11, 2018

Verified Purchase

The Bible for Information Security Threat Modeling

I have been an Information Security professional for over 20 years. Threat Modeling has been an elusive goal for a large portion of my career. Having the ability to analyze a proposal, architecture, or existing system is expected from a senior level professional. Unfortunately, too many of us covet the unrealistic ability to quickly perform a thorough, accurate analysis “on the fly”; impressing everyone around us. This is a horrible trait to have, but it is all over the place.
The threat modeling approach addresses this problem by providing a frameworks that take some of the guesswork out of the equation. Adam Shostack captures the popular methods within this book and touches on some of the pros and cons of each method. In my opinion, Adam places an appropriate amount of focus on the STRIDE threat modeling method, as it is the most well documented approach in the industry. However, he does not slack on explaining alternate methods like LINDDUN and its relationship to data privacy threats. The author also introduces the reader to some of the tools that are on the market or are made available via open source.
Most importantly, Adam highlights the importance of working with the various stakeholders within an organization to create a threat model. This cast could include but is not limited to, project managers, system administrators, database administrators, network engineers, and information security resources with the point being that threat modeling is not just something that someone with a CISSP can pull out of the air based on shear brilliance, it’s a product of several subject matter experts.
This is the best resource on the market on the subject of security threat modeling.

Court Graham, CISSP, OSCP, CEH, ITIL, PCIP

16 people found this helpful

Helpful

J. Cameron

Jumps Right In

Reviewed in the United States on April 7, 2014

Verified Purchase

From the first chapter I was applying the principles to my job. Adam's examples are easy to follow and get the point across well. I like the EoP game concept and will introduce that at the office when I have a better grasp of the material. It was well worth the price. It gets 4 stars instead of 5 because the editor missed some misspelled words and sequences (like when defining the STRIDE acronym they put the D in front of the I definition...) little stuff that doesn't take away from the content but for us OCD folks can be a minor distraction. I recommend.

6 people found this helpful

Helpful

Amazon Customer

Threat modeling is to security as CAVR is to assurance and accounting...a most.

Reviewed in the United States on February 10, 2018

Verified Purchase

Adam's Threat Modeling: Designing for Security is a must and required reading for security practitioners. Threat modeling should become standard practice within security programs and Adam's approachable narrative on how to implement threat modeling resonates loud and clear. Threat Modeling: Designing for Security combines both technical detail with pragmatic and actionable advice as to how you can implement threat modeling within your security program. Threat modeling increases assurance and offers a standard and structured way to answer "just how secure is this application or infrastructure?" Having defined attributes that need to be addressed as part of the security review ensures that security weaknesses don't fall through the proverbial cracks. Bottom line, CISOs would be well-served adding threat modeling to their team's required skills. Fantastic book!

4 people found this helpful

Helpful

Steve V

A complete threat modeling program in a book

Reviewed in the United States on April 24, 2014

Verified Purchase

I purchased this book to get some new tricks and perspectives to add to my existing threat modelling program. I was impressed that it had not only good technical input, anecdotes and examples but also a lot of infrastructure to build a new program. There are sample diagrams, templates and organizational processes that can be used to build a program from scratch. It is a handbook and body of knowledge on the topic.

It is written from the point of view of software development but the material can be adapted to other applications.

There is a lot of info here. You can use the book no matter what your level of experience but you will find it an easier read if you have some experience with threat modeling.

Overall the best work I have seen on the topic.

10 people found this helpful

Helpful

Moe

An Exceptional Reference

Reviewed in the United States on February 14, 2019

Verified Purchase

This is THE tome to refer to for abstract threat modeling grounded in realistic examples that do not stray far from what the actual vulnerabilities and threat agents we see everyday. It is written in a way that allows you to read through it end to end, or use it as a reference to find out more information on the topics that concern you. The content really says a lot about the extensive security landscape expertise of the author.

I cannot recommend this book enough.

3 people found this helpful

Helpful

Caddock

worth a read

Reviewed in the United States on May 22, 2014

Verified Purchase

not exactly ground breaking but certainly a well written and presented book on the topic. Good to have on the reference shelf.

2 people found this helpful

Helpful

Amazon Customer

Great book for any experience level

Reviewed in the United States on February 24, 2019

Verified Purchase

I bought this book when I was new to threat modeling and was looking for a book that would teach the basics. This book definitely filled that need. As I learn more about threat modeling, this book continues to serve as a great source of information. So no matter your experience level, this book will be a great purchase.

2 people found this helpful

Helpful