Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Threat Modeling Gameplay with EoP
  • Table Of Contents Toc
  • Feedback & Rating feedback
Threat Modeling Gameplay with EoP

Threat Modeling Gameplay with EoP

By : Brett Crawley
4.9 (7)
close
close
Threat Modeling Gameplay with EoP

Threat Modeling Gameplay with EoP

4.9 (7)
By: Brett Crawley

Overview of this book

Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay. Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems. By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.
Table of Contents (18 chapters)
close
close
13
Glossary
14
Further Reading
15
Licenses for third party content

5. of Denial of Service I

An attacker can make a client unavailable or unusable without ever authenticating, but the problem goes away when the attacker stops (client, anonymous, temporary).

Threat

image

The attacker is sitting between the client and the server, performing deep packet inspection and selectively dropping packets to block access to the endpoint.

CAPEC

CAPEC-590 – IP address blocking

ASVS

N/A

CWE

N/A

Mitigations

image

  • Alert if packet loss exceeds a predefined threshold
  • Use network diagnostic tools such as traceroute to determine the path being taken
  • Automate rerouting...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY