Book review: Threat modeling – a practical guide for development teams
If you are looking for ways to improve your threat modeling practices, you should definitely read Threat Modeling – A Practical Guide for Development Teams. This newly released book by Izar Tarandach and Matthew J. Coles is a real gem. It gives practical pointers to get started with threat modeling and covers the dos and don'ts to further strengthen your approach.
While working on the Threat Modeling Manifesto I had the fortune to collaborate with both authors. I therefore had high expectations for this book and am glad to say it did not disappoint. On the contrary!
Izar and Matt, both true threat modeling experts, share their experiences from the threat modeling trenches in a sharp and entertaining way. Don't expect a dry and boring list of facts, but an entertainingly written expert view on threat modeling in practice. The book's many witty terms, quotes, and sayings are the icing on the cake and will surely make you smile while reading. Whoever claimed that reading about threat modeling can't be fun?!
What is the book about?
Let's dig a bit deeper into the book's contents.
The introduction sets the tone with an extensive yet accessible overview of the background on threat modeling.
The book continues with advice on system modeling and describes which models are most useful for threat modeling, what additional metadata can be provided to enhance the threat modeling experience, and how you should build such models.
This practical guide then covers various existing threat modeling methodologies for improving the security posture of a software system. The authors highlight that there is no single best methodology: a particular methodology may work well in some organizations and fail in others, depending on the team's culture, the people involved, and the constraints put upon the team. All of the covered methodologies are therefore evaluated according to a number of attributes that help you assess which one best fits your needs.
We are honored to have both LINDDUN and LINDDUN GO included, as well as the SPARTA tool, all developed at DistriNet. We are especially thrilled with the kind words of Izar and Matt: "As you can see from SPARTA and LINDDUN, great research is being done at this university in the threat modeling space."
The topic of automated threat modeling is described in detail. A distinction is made between threat modeling from code and threat modeling with code. The emphasis in the book is on the latter, with a specific focus on pytm, a very interesting open-source project from the authors themselves. Other threat modeling tools are covered as well.
The authors conclude with their continuous threat modeling methodology, which has been successfully used (and improved) for several years at Autodesk. It aligns perfectly with the Manifesto's "journey of understanding" value, as it teaches how to threat model every story, get everyone involved, and sharpen the team's secure development knowledge with every iteration.
The book closes with a series of frequently asked questions that aim to help (better) integrate threat modeling into organizations.
In summary: a highly recommended read for everyone who wants to learn more about threat modeling in practice!
Get the book now: https://www.oreilly.com/library/view/threat-modeling/9781492056546/
Also check out the recording of the OWASP NYC chapter meetup in which both authors talk about the book and the Threat Modeling Manifesto: https://www.youtube.com/watch?v=RiSIQx-UDuA&feature=youtu.be