Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Two new Threat Modeling books

Wednesday, July 1, 2015

 Security  Threat Modeling  Architecture  Books 

There are a couple of new Threat Modeling books released in May 2015 that I have been interested in reading and reviewing. I received both a few days ago and will post my reviews of each individually over the next few weeks.

The first book is Securing Systems: Applied Security Architecture and Threat Models (Amazon) by Brook S.E. Schoenfield (@BrkSchoenfield). 


The book emphasizes security architecture, with a focus on the role of the security architect and how they can effectively assess a system for threats and decide where to apply proper mitigations. It lists steps for performing these security assessments and includes six sample assessments for review. I only learned about this book recently - it seems to be a good follow-up to the book Core Software Security: Security at the Source (Amazon), which was co-authored by Brook Schoenfield.

The second book is Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis (Amazon) by Tony UcedaVelez (@t0nyuv) and Marco M. Morana (@threatmodeling).

This book introduces the Process for Attack Simulation & Threat Analysis (PASTA) threat modeling methodology. I briefly mentioned this book in my Security BSides Boston talk on "Is Threat Modeling for Me?" in May here (video) and here (slides). This book describes how to apply application threat modeling as an advanced preventive form of security by discussing the methodologies, tools, and case studies of successful application threat modeling techniques. 

I look forward to reading and reviewing both, as each is relevant to my own work in security architecture and threat modeling. Stay tuned.
