Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Threat Modeling Gameplay with EoP
  • Table Of Contents Toc
  • Feedback & Rating feedback
Threat Modeling Gameplay with EoP

Threat Modeling Gameplay with EoP

By : Brett Crawley
4.9 (7)
Buy this Book
close
close
Threat Modeling Gameplay with EoP

Threat Modeling Gameplay with EoP

4.9 (7)
By: Brett Crawley
Buy this Book

Overview of this book

Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay. Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems. By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
Free Chapter
1
Chapter 1: Game Play
Icon
Chapter 1: Game Play
Icon
What you’ll need to play the EoP game
Icon
Who should participate?
Icon
How to play EoP
Icon
Summary
2
Chapter 2: Spoofing
Icon
Chapter 2: Spoofing
Icon
2. of Spoofing
Icon
3. of Spoofing
Icon
4. of Spoofing
Icon
5. of Spoofing
Icon
6. of Spoofing
Icon
7. of Spoofing I
Icon
7. of Spoofing II
Icon
8. of Spoofing
Icon
9. of Spoofing I
Icon
9. of Spoofing II
Icon
10. of Spoofing
Icon
Jack of Spoofing
Icon
Queen of Spoofing I
Icon
Queen of Spoofing II
Icon
King of Spoofing I
Icon
King of Spoofing II
Icon
Ace of Spoofing I
Icon
Ace of Spoofing II
Icon
Ace of Spoofing III
Icon
Ace of Spoofing IV
Icon
E. of Spoofing
Icon
Summary
Icon
References
3
Chapter 3: Tampering
chevron up
Icon
Chapter 3: Tampering
Icon
2. of Tampering (2022 deck) I
Icon
2. of Tampering (2022 deck) II
Icon
2. of Tampering (2022 deck) III
Icon
2. of Tampering (2022 deck) IV
Icon
3. of Tampering
Icon
4. of Tampering I
Icon
4. of Tampering II
Icon
5. of Tampering I
Icon
5. of Tampering II
Icon
6. of Tampering
Icon
7. of Tampering I
Icon
7. of Tampering II
Icon
8. of Tampering
Icon
9. of Tampering I
Icon
9. of Tampering II
Icon
10. of Tampering I
Icon
10. of Tampering II
Icon
Jack of Tampering
Icon
Queen of Tampering
Icon
King of Tampering I
Icon
King of Tampering II
Icon
Ace of Tampering I
Icon
Ace of Tampering II
Icon
E of Tampering I
Icon
E of Tampering II
Icon
Summary
4
Chapter 4: Repudiation
Icon
Chapter 4: Repudiation
Icon
The importance of repudiation and its role in security
Icon
2. of Repudiation
Icon
3. of Repudiation
Icon
4. of Repudiation
Icon
5. of Repudiation
Icon
6. of Repudiation I
Icon
6. of Repudiation II
Icon
7. of Repudiation
Icon
8. of Repudiation
Icon
9. of Repudiation
Icon
10. of Repudiation
Icon
Jack of Repudiation
Icon
Queen of Repudiation I
Icon
Queen of Repudiation II
Icon
King of Repudiation I
Icon
King of Repudiation II
Icon
King of Repudiation III
Icon
Ace of Repudiation
Icon
E. of Repudiation
Icon
F. of Repudiation
Icon
G. of Repudiation
Icon
H. of Repudiation I
Icon
H. of Repudiation II
Icon
Summary
5
Chapter 5: Information Disclosure
Icon
Chapter 5: Information Disclosure
Icon
Understanding password management, key management, and cryptography
Icon
2. of Information Disclosure
Icon
3. of Information Disclosure I
Icon
3. of Information Disclosure II
Icon
4. of Information Disclosure
Icon
5. of Information Disclosure
Icon
6. of Information Disclosure
Icon
7. of Information Disclosure
Icon
8. of Information Disclosure I
Icon
8. of Information Disclosure II
Icon
9. of Information Disclosure I
Icon
9. of Information Disclosure II
Icon
10. of Information Disclosure
Icon
Jack of Information Disclosure
Icon
Queen of Information Disclosure
Icon
King of Information Disclosure
Icon
Ace of Information Disclosure I
Icon
Ace of Information Disclosure II
Icon
E of Information Disclosure
Icon
F of Information Disclosure
Icon
Summary
6
Chapter 6: Denial of Service
Icon
Chapter 6: Denial of Service
Icon
2. of Denial of Service I
Icon
2. of Denial of Service II
Icon
3. of Denial of Service I
Icon
3. of Denial of Service II
Icon
3. of Denial of Service (alternative 2022 deck)
Icon
4. of Denial of Service
Icon
4. of Denial of Service (alternative 2022 deck)
Icon
5. of Denial of Service I
Icon
5. of Denial of Service II
Icon
5. of Denial of Service (alternative 2022 deck)
Icon
6. of Denial of Service I
Icon
6. of Denial of Service II
Icon
7. of Denial of Service
Icon
8. of Denial of Service
Icon
9. of Denial of Service
Icon
10. of Denial of Service
Icon
Jack of Denial of Service I
Icon
Jack of Denial of Service II
Icon
Queen of Denial of Service I
Icon
Queen of Denial of Service II
Icon
King of Denial of Service
Icon
Ace of Denial of Service
Icon
E of Denial of Service
Icon
Summary
7
Chapter 7: Elevation of Privilege
Icon
Chapter 7: Elevation of Privilege
Icon
Some important concepts
Icon
2. of Elevation of Privilege (2022 deck)
Icon
3. of Elevation of Privilege (2022 deck) I
Icon
3. of Elevation of Privilege (2022 deck) II
Icon
4. of Elevation of Privilege (2022 deck)
Icon
5. of Elevation of Privilege I
Icon
5. of Elevation of Privilege II
Icon
6. of Elevation of Privilege
Icon
7. of Elevation of Privilege
Icon
8. of Elevation of Privilege
Icon
9. of Elevation of Privilege
Icon
10. of Elevation of Privilege
Icon
Jack of Elevation of Privilege
Icon
Queen of Elevation of Privilege I
Icon
Queen of Elevation of Privilege II
Icon
King of Elevation of Privilege I
Icon
King of Elevation of Privilege II
Icon
Ace of Elevation of Privilege
Icon
Summary
8
Chapter 8: Privacy
Icon
Chapter 8: Privacy
Icon
References used in the chapter
Icon
2 of Privacy
Icon
3 of Privacy
Icon
4. of Privacy
Icon
5. of Privacy
Icon
6. of Privacy
Icon
7. of Privacy
Icon
8. of Privacy
Icon
9. of Privacy
Icon
10. of Privacy
Icon
Jack of Privacy
Icon
Queen of Privacy
Icon
King of Privacy
Icon
Ace of Privacy
Icon
Summary
9
Chapter 9: Transfer
Icon
Chapter 9: Transfer
Icon
References used in the chapter
Icon
2. of Transfer I
Icon
2. of Transfer II
Icon
3. of Transfer
Icon
4. of Transfer
Icon
5. of Transfer
Icon
6. of Transfer
Icon
7. of Transfer
Icon
8. of Transfer I
Icon
8. of Transfer II
Icon
8. of Transfer III
Icon
9. of Transfer
Icon
Ace of Transfer
Icon
Summary
10
Chapter 10: Retention/Removal
Icon
Chapter 10: Retention/Removal
Icon
2. of Retention/Removal
Icon
3. of Retention/Removal I
Icon
3. of Retention/Removal II
Icon
4. of Retention/Removal
Icon
5. of Retention/Removal
Icon
6. of Retention/Removal
Icon
7. of Retention/Removal
Icon
8. of Retention/Removal
Icon
9. of Retention/Removal
Icon
10. of Retention/Removal
Icon
Jack of Retention/Removal
Icon
Ace of Retention/Removal
Icon
Summary
11
Chapter 11: Inference
Icon
Chapter 11: Inference
Icon
2. of Inference
Icon
3. of Inference
Icon
4. of Inference
Icon
5. of Inference
Icon
6. of Inference
Icon
7. of Inference
Icon
8. of Inference
Icon
9. of Inference
Icon
10. of Inference
Icon
Ace of Inference
Icon
Summary
12
Chapter 12: Minimization
Icon
Chapter 12: Minimization
Icon
2. of minimization
Icon
3. of minimization
Icon
4. of minimization
Icon
5. of minimization
Icon
6. of minimization
Icon
Ace of minimization
Icon
Summary
13
Glossary
Icon
Glossary
14
Further Reading
Icon
Books and papers
Icon
Games
15
Licenses for third party content
Icon
CAPEC:
Icon
CWE:
16
Index
Icon
Index
Icon
Why subscribe?
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

King of Tampering II

An attacker can load code inside your process via an extension point:

Threat

image

You’re using object deserialization in Java without verifying the source or ensuring that the content is of the expected type before deserializing it. As a consequence, your system can inadvertently be runtime-loading executable code.

CAPEC

CAPEC-548: Contaminate Resource

CAPEC-242: Code Injection

ASVS

5.5.3 – Ensure you are only allowing deserialization of objects you are allow listing

CWE

CWE-502: Deserialization of Untrusted Data

Mitigations

image
  • Use allow listing to ensure...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 22
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY