Threat Modeling: Designing for Security 1st Edition

4.5 out of 5 stars 345 ratings

The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!

Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.

Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.

  • Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
  • Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
  • Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
  • Offers actionable how-to advice not tied to any specific software, operating system, or programming language
  • Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world

As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

Editorial Reviews

From the Inside Flap

Use threat modeling to enhance software security

If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and in the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems — from the very beginning.

  • Find and fix security issues before they hurt you or your customers
  • Learn to use practical and actionable tools, techniques, and approaches for software developers, IT professionals, and security enthusiasts
  • Explore the nuances of software-centric threat modeling and discover its application to software and systems during the build phase and beyond
  • Apply threat modeling to improve security when managing complex systems
  • Manage potential threats using a structured, methodical framework
  • Discover and discern evolving security threats
  • Use specific, actionable advice regardless of software type, operating system, or program
  • Approaches and techniques validated and proven to be effective at Microsoft and other top IT companies

Product details

  • Publisher: Wiley
  • Publication date: February 17, 2014
  • Edition: 1st
  • Language: English
  • Print length: 624 pages
  • ISBN-10: 1118809998
  • ISBN-13: 978-1118809990
  • Item Weight: 2.3 pounds
  • Dimensions: 7.4 x 1.4 x 9.2 inches
  • Customer Reviews: 4.5 out of 5 stars, 345 ratings

Customer reviews

4.5 out of 5 stars
345 global ratings

Customers say

Customers find this book to be a good textbook on threat modeling, with one review noting how it breaks down complex security concepts into understandable chunks. Moreover, the information quality receives positive feedback, with one customer describing it as the most well-documented approach in the industry. Additionally, customers appreciate the writing style, with one noting it's easy to read and understand.

21 customers mention "Threat modeling": 21 positive, 0 negative

Customers find the book to be a good textbook on threat modeling, with one customer noting how it breaks down complex security concepts into understandable chunks, while another mentions it serves as an ice breaker for non-security minded developers.

"...It breaks down complex security concepts into understandable chunks, making it perfect for both beginners and experts...."

"...Threat modeling increases assurance and offers a standard and structured way to answer "just how secure is this application or..."

"This is THE tome to refer to for abstract threat modeling grounded in realistic examples that do not stray far from what the actual vulnerabilities..."

"...This book attempts to be a complete and detailed history of threat modeling and what works...."

16 customers mention "Information quality": 16 positive, 0 negative

Customers appreciate the book's information quality, with one customer noting it provides a standard and structured approach to threat modeling, while others highlight its practical helps and comprehensive body of knowledge on the topic.

"...on the STRIDE threat modeling method, as it is the most well documented approach in the industry...."

"...This book is a treasure trove of knowledge that’ll elevate your security game to the next level!"

"...Adam's examples are easy to follow and get the point across well...."

"...Threat Modeling: Designing for Security combines both technical detail with pragmatic and actionable advice as to how you can implement threat..."

13 customers mention "Value for money": 13 positive, 0 negative

Customers find the book to be excellent, with one mentioning it serves as the best resource on the market.

"...This is the best resource on the market on the subject of security threat modeling. Court Graham, CISSP, OSCP, CEH, ITIL, PCIP"

"...Fantastic book!"

"...Elevation of Privilege card game is a great ice breaker for non-security minded developers and engineers. Just needs some dice...🤩..."

"This is a great book. It's very helpful if you work in the AppSec or ProdSec space."

4 customers mention "Writing style": 4 positive, 0 negative

Customers appreciate the writing style of the book, with one noting it is easy to read and understand, while another mentions it can be read end to end.

"...It is written in a way that allows you to read through it end to end, or use it as a reference to find out more information on the topics that..."

"not exactly ground breaking but certainly a well written and presented book on the topic. Good to have on the reference shelf."

"...The book is easy to read and understand. Highly recommend for every security professional."

"I like Adam's writing style, and, his style is extremely well suited to his topic which makes the value inside the book accessible to non-cyberpunks..."

Top reviews from the United States

  • Reviewed in the United States on December 11, 2018
    Format: Paperback | Verified Purchase
    The Bible for Information Security Threat Modeling

    I have been an Information Security professional for over 20 years. Threat Modeling has been an elusive goal for a large portion of my career. Having the ability to analyze a proposal, architecture, or existing system is expected from a senior level professional. Unfortunately, too many of us covet the unrealistic ability to quickly perform a thorough, accurate analysis “on the fly”; impressing everyone around us. This is a horrible trait to have, but it is all over the place.
    The threat modeling approach addresses this problem by providing frameworks that take some of the guesswork out of the equation. Adam Shostack captures the popular methods within this book and touches on some of the pros and cons of each method. In my opinion, Adam places an appropriate amount of focus on the STRIDE threat modeling method, as it is the most well documented approach in the industry. However, he does not slack on explaining alternate methods like LINDDUN and its relationship to data privacy threats. The author also introduces the reader to some of the tools that are on the market or are made available via open source.
    Most importantly, Adam highlights the importance of working with the various stakeholders within an organization to create a threat model. This cast could include but is not limited to, project managers, system administrators, database administrators, network engineers, and information security resources with the point being that threat modeling is not just something that someone with a CISSP can pull out of the air based on sheer brilliance, it’s a product of several subject matter experts.
    This is the best resource on the market on the subject of security threat modeling.

    Court Graham, CISSP, OSCP, CEH, ITIL, PCIP
    17 people found this helpful
  • Reviewed in the United States on March 29, 2024
    Format: Paperback | Verified Purchase
    Just finished reading "Threat Modeling: Designing for Security," and it’s a must-have for anyone in the field! It breaks down complex security concepts into understandable chunks, making it perfect for both beginners and experts. The strategies and insights provided are invaluable for designing impenetrable systems. It’s like having a security expert guiding you through every step of the process. This book is a treasure trove of knowledge that’ll elevate your security game to the next level!
    4 people found this helpful
  • Reviewed in the United States on April 7, 2014
    Format: Paperback | Verified Purchase
    From the first chapter I was applying the principles to my job. Adam's examples are easy to follow and get the point across well. I like the EoP game concept and will introduce that at the office when I have a better grasp of the material. It was well worth the price. It gets 4 stars instead of 5 because the editor missed some misspelled words and sequences (like when defining the STRIDE acronym they put the D in front of the I definition...) little stuff that doesn't take away from the content but for us OCD folks can be a minor distraction. I recommend.
    6 people found this helpful
  • Reviewed in the United States on February 10, 2018
    Format: Paperback | Verified Purchase
    Adam's Threat Modeling: Designing for Security is a must and required reading for security practitioners. Threat modeling should become standard practice within security programs and Adam's approachable narrative on how to implement threat modeling resonates loud and clear. Threat Modeling: Designing for Security combines both technical detail with pragmatic and actionable advice as to how you can implement threat modeling within your security program. Threat modeling increases assurance and offers a standard and structured way to answer "just how secure is this application or infrastructure?" Having defined attributes that need to be addressed as part of the security review ensures that security weaknesses don't fall through the proverbial cracks. Bottom line, CISOs would be well-served adding threat modeling to their team's required skills. Fantastic book!
    4 people found this helpful
  • Reviewed in the United States on April 24, 2014
    Format: Paperback | Verified Purchase
    I purchased this book to get some new tricks and perspectives to add to my existing threat modelling program. I was impressed that it had not only good technical input, anecdotes and examples but also a lot of infrastructure to build a new program. There are sample diagrams, templates and organizational processes that can be used to build a program from scratch. It is a handbook and body of knowledge on the topic.

    It is written from the point of view of software development but the material can be adapted to other applications.

    There is a lot of info here. You can use the book no matter what your level of experience but you will find it an easier read if you have some experience with threat modeling.

    Overall the best work I have seen on the topic.
    10 people found this helpful
  • Reviewed in the United States on February 14, 2019
    Format: Kindle | Verified Purchase
    This is THE tome to refer to for abstract threat modeling grounded in realistic examples that do not stray far from what the actual vulnerabilities and threat agents we see every day. It is written in a way that allows you to read through it end to end, or use it as a reference to find out more information on the topics that concern you. The content really says a lot about the extensive security landscape expertise of the author.

    I cannot recommend this book enough.
    3 people found this helpful
  • Reviewed in the United States on May 22, 2014
    Format: Kindle | Verified Purchase
    not exactly ground breaking but certainly a well written and presented book on the topic. Good to have on the reference shelf.
    2 people found this helpful
  • Reviewed in the United States on May 10, 2014
    Format: Paperback | Verified Purchase
    Threat modeling as a discipline was new to me. This book attempts to be a complete and detailed history of threat modeling and what works. Written by an esteemed security expert from Microsoft, it speaks to not only security practitioners but to program managers and developers. Understanding threat modeling and creating your own threat models is made less "scary" and comes with a game. Yes, it addresses the Agile/Devops movements, so now you have 2 card games to play ("Planning Poker" aka "Scrum Poker" along with "Escalation of Privilege").

    Highly recommended.
    4 people found this helpful

Top reviews from other countries

  • Tay Jin Dong
    3.0 out of 5 stars Content
    Reviewed in Singapore on December 27, 2021
    Format: Paperback | Verified Purchase
    Too general
  • lewisda
    5.0 out of 5 stars Great Stuff A Visual Threat Model
    Reviewed in the United Kingdom on July 11, 2017
    Format: Paperback | Verified Purchase
    This is a great resource on threat modelling. It shows how to threat model in a visual way that can be easily interpreted. It also has links to some playing cards to help identify threats.
  • Emerson Polesi
    5.0 out of 5 stars Great purchase
    Reviewed in Brazil on May 17, 2024
    Format: Paperback | Verified Purchase
    Excellent content, a reference for threat modeling.
    The paper and cover quality is average; it could be better for the price.
  • srinivas
    5.0 out of 5 stars Good book on Threat modeling
    Reviewed in India on December 22, 2021
    Format: Paperback | Verified Purchase
    It is a must-refer book for those who are doing security architecture.
  • Fred
    5.0 out of 5 stars The reference
    Reviewed in France on January 14, 2019
    Format: Paperback | Verified Purchase
    The book is darn well organized around the central issue of risk and aims to be exhaustive. The discussion is well illustrated and the references are numerous. Not to mention that the author is approachable. I recommend it.