This Is Why We Can't Have Nice Things
by Whitney Phillips
Internet trolls live to upset as many people as possible, using all the technical and psychological tools at their disposal. They gleefully whip the media into a frenzy over a fake teen drug crisis; they post offensive messages on Facebook memorial pages, traumatizing grief-stricken friends and family; they use unabashedly racist language and images. They take pleasure in ruining a complete stranger's day and find amusement in their victim's anguish. In short, trolling is the obstacle to a kinder, gentler Internet. To quote a famous Internet meme, trolling is why we can't have nice things online. Or at least that's what we have been led to believe. In this provocative book, Whitney Phillips argues that trolling, widely condemned as obscene and deviant, actually fits comfortably within the contemporary media landscape. Trolling may be obscene, but, Phillips argues, it isn't all that deviant. Trolls' actions are born of and fueled by culturally sanctioned impulses -- which are just as damaging as the trolls' most disruptive behaviors. Phillips describes, for example, the relationship between trolling and sensationalist corporate media -- pointing out that for trolls, exploitation is a leisure activity; for media, it's a business strategy. She shows how trolls, "the grimacing poster children for a socially networked world," align with social media. And she documents how trolls, in addition to parroting media tropes, also offer a grotesque pantomime of dominant cultural tropes, including gendered notions of dominance and success and an ideology of entitlement. We don't just have a trolling problem, Phillips argues; we have a culture problem. This Is Why We Can't Have Nice Things isn't only about trolls; it's about a culture in which trolls thrive.
This Is Why We Can't Have Nice Things: Mapping the Relationship between Online Trolling and Mainstream Culture (The MIT Press Ser.)
by Whitney Phillips
Why the troll problem is actually a culture problem: how online trolling fits comfortably within today's media landscape.
Internet trolls live to upset as many people as possible, using all the technical and psychological tools at their disposal. They gleefully whip the media into a frenzy over a fake teen drug crisis; they post offensive messages on Facebook memorial pages, traumatizing grief-stricken friends and family; they use unabashedly racist language and images. They take pleasure in ruining a complete stranger's day and find amusement in their victim's anguish. In short, trolling is the obstacle to a kinder, gentler Internet. To quote a famous Internet meme, trolling is why we can't have nice things online. Or at least that's what we have been led to believe. In this provocative book, Whitney Phillips argues that trolling, widely condemned as obscene and deviant, actually fits comfortably within the contemporary media landscape. Trolling may be obscene, but, Phillips argues, it isn't all that deviant. Trolls' actions are born of and fueled by culturally sanctioned impulses—which are just as damaging as the trolls' most disruptive behaviors. Phillips describes, for example, the relationship between trolling and sensationalist corporate media—pointing out that for trolls, exploitation is a leisure activity; for media, it's a business strategy. She shows how trolls, “the grimacing poster children for a socially networked world,” align with social media. And she documents how trolls, in addition to parroting media tropes, also offer a grotesque pantomime of dominant cultural tropes, including gendered notions of dominance and success and an ideology of entitlement. We don't just have a trolling problem, Phillips argues; we have a culture problem. This Is Why We Can't Have Nice Things isn't only about trolls; it's about a culture in which trolls thrive.
This Is for Everyone: The Unfinished Story of the World Wide Web
by Tim Berners-Lee
A Sunday Times Bestseller
The inventor of the World Wide Web explores his vision’s promise—and how it can be redeemed for the future.
Perhaps the most influential inventor of the modern world, Sir Tim Berners-Lee is a different kind of technologist. Born in the same year as Bill Gates and Steve Jobs, he famously distributed his invention, the World Wide Web, for no commercial reward. Its widespread adoption changed everything—transforming humanity into the first digital species. Through the web, we live, work, dream, quarrel, and connect.
In this intimate memoir, Berners-Lee tells the story of his iconic invention, exploring how it launched a new era of creativity and collaboration while unleashing powerful forces that imperil truth and privacy and polarize public debate. With his trademark humor and candor, he recounts how he arrived at CERN, the European Laboratory for Particle Physics, as a young engineer, and soon came up with the astonishing idea of adding hyperlinks to the then-nascent Internet. His goal was to unleash a wave of creativity and collaboration for the benefit of all—a goal he’s pursued to this day.
Peppered with rich anecdotes and amusing reflections, This Is for Everyone is a gripping, in-the-room account of the rise of the digital world. As the rapid development of artificial intelligence brings new risks and possibilities, Berners-Lee also offers a crucial guide to the decisions ahead—and shows how our digital lives can be reengineered for the sake of human flourishing rather than profit or for power.
This Machine Kills Secrets
by Andy Greenberg
Who Are The Cypherpunks? This is the unauthorized telling of the revolutionary cryptography story behind the motion picture The Fifth Estate in theatres this October, and We Steal Secrets: The Story of Wikileaks, a documentary out now. WikiLeaks brought to light a new form of whistleblowing, using powerful cryptographic code to hide leakers' identities while they spill the private data of government agencies and corporations. But that technology has been evolving for decades in the hands of hackers and radical activists, from the libertarian enclaves of Northern California to Berlin to the Balkans. And the secret-killing machine continues to evolve beyond WikiLeaks, as a movement of hacktivists aims to obliterate the world's institutional secrecy. Forbes journalist Andy Greenberg has traced its shadowy history from the cryptography revolution of the 1970s to Wikileaks founding hacker Julian Assange, Anonymous, and beyond. This is the story of the code and the characters--idealists, anarchists, extremists--who are transforming the next generation's notion of what activism can be. With unrivaled access to such major players as Julian Assange, Daniel Domscheit-Berg, and WikiLeaks' shadowy engineer known as the Architect, never before interviewed, Greenberg unveils the world of politically-motivated hackers--who they are and how they operate.
This Program Is Brought to You By...
by Joshua A. Braun
Journalism, television, cable, and online media are all evolving rapidly. At the nexus of these volatile industries is a growing group of individuals and firms whose job it is to develop and maintain online distribution channels for television news programming. Their work, and the tensions surrounding it, provide a fulcrum from which to pry analytically at some of the largest shifts within our media landscape. Based on fieldwork and interviews with different teams and organizations within MSNBC, this multi-disciplinary work is unique in its focus on distribution, which is rapidly becoming as central as production, to media work.
This Was CNN: How Sex, Lies, and Spies Undid the World's Worst News Network
by Kent Heckenlively Cary Poarch
A CNN insider reveals what he saw behind the scenes at the cable news giant and the investigation that revealed even more shocking secrets.
Cary Poarch started working at CNN in the summer of 2017 as a die-hard Bernie Sanders supporter. But on his first location shoot during the Charlottesville riots, he quickly became disillusioned with how the network created the “fine people” hoax. This began a political odyssey as he documented numerous incidents of outright bias, eventually leading him to contact James O’Keefe of Project Veritas. For months, Cary Poarch documented CNN’s rampant political bias for Project Veritas, and saw how the network was dividing the country. When the story was released by Project Veritas, it was seen by millions. This book continues his investigation and uncovers even more shocking information about the behavior of network personnel, CNN’s ties to the Biden White House, CNN’s creation of a terrifying digital warfare capacity, and the possible penetration of CNN by our own intelligence agencies. Cary partnered with two-time New York Times bestselling author, Kent Heckenlively, and together they uncovered even more shocking secrets about “the most trusted name in news.”
Thoracic Image Analysis: Second International Workshop, TIA 2020, Held in Conjunction with MICCAI 2020, Lima, Peru, October 8, 2020, Proceedings (Lecture Notes in Computer Science #12502)
by Sarah Gerard Jens Petersen Kensaku Mori Colin Jacobs Bianca Lassen-Schmidt Raúl San José Estépar Alexander Schmidt-Richberg Reinhard Beichel
This book constitutes the proceedings of the Second International Workshop on Thoracic Image Analysis, TIA 2020, held in Lima, Peru, in October 2020. Due to COVID-19 pandemic the conference was held virtually. COVID-19 infection has brought a lot of attention to lung imaging and the role of CT imaging in the diagnostic workflow of COVID-19 suspects is an important topic. The 14 full papers presented deal with all aspects of image analysis of thoracic data, including: image acquisition and reconstruction, segmentation, registration, quantification, visualization, validation, population-based modeling, biophysical modeling (computational anatomy), deep learning, image analysis in small animals, outcome-based research and novel infectious disease applications.
Thoreau's Axe: Distraction and Discipline in American Culture
by Caleb Smith
How nineteenth-century “disciplines of attention” anticipated the contemporary concern with mindfulness and being “spiritual but not religious”
Today, we’re driven to distraction, our attention overwhelmed by the many demands upon it—most of which emanate from our beeping and blinking digital devices. This may seem like a decidedly twenty-first-century problem, but, as Caleb Smith shows in this elegantly written, meditative work, distraction was also a serious concern in American culture two centuries ago. In Thoreau’s Axe, Smith explores the strange, beautiful archives of the nineteenth-century attention revival—from a Protestant minister’s warning against frivolous thoughts to Thoreau’s reflections on wakefulness at Walden Pond. Smith examines how Americans came to embrace attention, mindfulness, and other ways of being “spiritual but not religious,” and how older Christian ideas about temptation and spiritual devotion endure in our modern ideas about distraction and attention.
Smith explains that nineteenth-century worries over attention developed in response to what were seen as the damaging mental effects of new technologies and economic systems. A “wandering mind,” once diagnosed, was in need of therapy or rehabilitation. Modeling his text after nineteenth-century books of devotion, Smith offers close readings of twenty-eight short passages about attention. Considering social reformers who designed moral training for the masses, religious leaders who organized Christian revivals, and spiritual seekers like Thoreau who experimented with regimens of simplified living and transcendental mysticism, Smith shows how disciplines of attention became the spiritual exercises of a distracted age.
Thorium Reader Tutorial
by Bookshare India
Thorium Reader is the best free reading application for EPUB, PDF, DAISY 3, ebooks, audiobooks and digital comics having a modern UI.
Thoughtful Data Science: A Programmer’s Toolset for Data Analysis and Artificial Intelligence with Python, Jupyter Notebook, and PixieDust
by David Taieb
Bridge the gap between developer and data scientist by creating a modern open-source, Python-based toolset that works with Jupyter Notebook, and PixieDust.
Key Features
- Think deeply as a developer about your strategy and toolset in data science
- Discover the best tools that will suit you as a developer in your data analysis
- Accelerate the road to data insight as a programmer using Jupyter Notebook
- Deep dive into multiple industry data science use cases
Book Description
Thoughtful Data Science brings new strategies and a carefully crafted programmer's toolset to work with modern, cutting-edge data analysis. This new approach is designed specifically to give developers more efficiency and power to create cutting-edge data analysis and artificial intelligence insights.
Industry expert David Taieb bridges the gap between developers and data scientists by creating a modern open-source, Python-based toolset that works with Jupyter Notebook, and PixieDust. You'll find the right balance of strategic thinking and practical projects throughout this book, with extensive code files and Jupyter projects that you can integrate with your own data analysis.
David Taieb introduces four projects designed to connect developers to important industry use cases in data science. The first is an image recognition application with TensorFlow, to meet the growing importance of AI in data analysis. The second analyses social media trends to explore big data issues and natural language processing. The third is a financial portfolio analysis application using time series analysis, pivotal in many data science applications today. The fourth involves applying graph algorithms to solve data problems.
Taieb wraps up with a deep look into the future of data science for developers and his views on AI for data science.
What you will learn
- Bridge the gap between developer and data scientist with a Python-based toolset
- Get the most out of Jupyter Notebooks with new productivity-enhancing tools
- Explore and visualize data using Jupyter Notebooks and PixieDust
- Work with and assess the impact of artificial intelligence in data science
- Work with TensorFlow, graphs, natural language processing, and time series
- Deep dive into multiple industry data science use cases
- Look into the future of data analysis and where to develop your skills
Who this book is for
This book is for established developers who want to bridge the gap between programmers and data scientists. With the introduction of PixieDust from its creator, the book will also be a great desk companion for the already accomplished Data Scientist. Some fluency in data interpretation and visualization is also assumed since this book addresses data professionals such as business and general data analysts. It will be helpful to have some knowledge of Python, using Python libraries, and some proficiency in web development.
Thoughtful Interaction Design: A Design Perspective on Information Technology
by Jonas Löwgren Erik Stolterman
The authors of Thoughtful Interaction Design go beyond the usual technical concerns of usability and usefulness to consider interaction design from a design perspective. The shaping of digital artifacts is a design process that influences the form and functions of workplaces, schools, communication, and culture; the successful interaction designer must use both ethical and aesthetic judgment to create designs that are appropriate to a given environment. This book is not a how-to manual, but a collection of tools for thought about interaction design. Working with information technology--called by the authors "the material without qualities"--interaction designers create not a static object but a dynamic pattern of interactivity. The design vision is closely linked to context and not simply focused on the technology. The authors' action-oriented and context-dependent design theory, drawing on design theorist Donald Schon's concept of the reflective practitioner, helps designers deal with complex design challenges created by new technology and new knowledge. Their approach, based on a foundation of thoughtfulness that acknowledges the designer's responsibility not only for the functional qualities of the design product but for the ethical and aesthetic qualities as well, fills the need for a theory of interaction design that can increase and nurture design knowledge. From this perspective they address the fundamental question of what kind of knowledge an aspiring designer needs, discussing the process of design, the designer, design methods and techniques, the design product and its qualities, and conditions for interaction design.
Thoughtful Interaction Design: A Design Perspective on Information Technology (The MIT Press Ser.)
by Erik Stolterman Jonas Lowgren
The authors of Thoughtful Interaction Design go beyond the usual technical concerns of usability and usefulness to consider interaction design from a design perspective. The shaping of digital artifacts is a design process that influences the form and functions of workplaces, schools, communication, and culture; the successful interaction designer must use both ethical and aesthetic judgment to create designs that are appropriate to a given environment. This book is not a how-to manual, but a collection of tools for thought about interaction design.
Working with information technology—called by the authors "the material without qualities"—interaction designers create not a static object but a dynamic pattern of interactivity. The design vision is closely linked to context and not simply focused on the technology. The authors' action-oriented and context-dependent design theory, drawing on design theorist Donald Schön's concept of the reflective practitioner, helps designers deal with complex design challenges created by new technology and new knowledge. Their approach, based on a foundation of thoughtfulness that acknowledges the designer's responsibility not only for the functional qualities of the design product but for the ethical and aesthetic qualities as well, fills the need for a theory of interaction design that can increase and nurture design knowledge. From this perspective they address the fundamental question of what kind of knowledge an aspiring designer needs, discussing the process of design, the designer, design methods and techniques, the design product and its qualities, and conditions for interaction design.
Thoughtful Machine Learning with Python: A Test-Driven Approach
by Matthew Kirk
Gain the confidence you need to apply machine learning in your daily work. With this practical guide, author Matthew Kirk shows you how to integrate and test machine learning algorithms in your code, without the academic subtext.
Featuring graphs and highlighted code examples throughout, the book features tests with Python’s Numpy, Pandas, Scikit-Learn, and SciPy data science libraries. If you’re a software engineer or business analyst interested in data science, this book will help you:
- Reference real-world examples to test each algorithm through engaging, hands-on exercises
- Apply test-driven development (TDD) to write and run tests before you start coding
- Explore techniques for improving your machine-learning models with data extraction and feature development
- Watch out for the risks of machine learning, such as underfitting or overfitting data
- Work with K-Nearest Neighbors, neural networks, clustering, and other algorithms
Thoughtful Machine Learning: A Test-Driven Approach
by Matthew Kirk
Learn how to apply test-driven development (TDD) to machine-learning algorithms—and catch mistakes that could sink your analysis. In this practical guide, author Matthew Kirk takes you through the principles of TDD and machine learning, and shows you how to apply TDD to several machine-learning algorithms, including Naive Bayesian classifiers and Neural Networks.
Machine-learning algorithms often have tests baked in, but they can’t account for human errors in coding. Rather than blindly rely on machine-learning results as many researchers have, you can mitigate the risk of errors with TDD and write clean, stable machine-learning code. If you’re familiar with Ruby 2.1, you’re ready to start.
- Apply TDD to write and run tests before you start coding
- Learn the best uses and tradeoffs of eight machine learning algorithms
- Use real-world examples to test each algorithm through engaging, hands-on exercises
- Understand the similarities between TDD and the scientific method for validating solutions
- Be aware of the risks of machine learning, such as underfitting and overfitting data
- Explore techniques for improving your machine-learning models or data extraction
Thoughts of Dog
by Matt Nelson
Join a dog and their stuffed “fren” sebastian as they navigate life’s adventures through the most wholesome lens imaginable.
The mastermind behind WeRateDogs, Matt Nelson, expands the Thoughts of Dog universe born on social media with his new book for anyone looking for a smile.
Thousands of Images, Now What
by Mike Hagen
Tackle the challenges of digital photo file management!
If you find yourself with more digital photos than you know what to do with or at a loss as to how to begin organizing them all, then Digital Asset Management (DAM) is your solution. This incredibly helpful book answers such common questions as: how should I manage the sheer volume of images? How can I make sure my pictures are safely backed-up? How can I efficiently categorize my images so that I can quickly find the one I'm seeking? Professional photographer and author Mike Hagen shows you how to organize, save, and back-up your digital photos by creating a filing and back-up system that are both efficient and effective. He walks you through the steps necessary to successfully maintain an orderly archiving system so that you can quickly store, save, and retrieve your images.
- Digital Asset Management (DAM) helps you organize, save, and back-up your digital photos
- Explains how to efficiently and effectively create an intuitive filing system that is right for you
- Answers frequently asked questions regarding storing, saving, and retrieving images
- Encourages you to create a successful digital photo archive that, once created, will be easy to maintain and use
Say "so long" to your days of being a digital photo pack rat when you put this easy-to-understand, helpful book to use!
Thread and Data Mapping for Multicore Systems: Improving Communication and Memory Accesses (SpringerBriefs in Computer Science)
by Eduardo H. M. Cruz Matthias Diener Philippe O. A. Navaux
This book presents a study on how thread and data mapping techniques can be used to improve the performance of multi-core architectures. It describes how the memory hierarchy introduces non-uniform memory access, and how mapping can be used to reduce the memory access latency in current hardware architectures. On the software side, this book describes the characteristics present in parallel applications that are used by mapping techniques to improve memory access. Several state-of-the-art methods are analyzed, and the benefits and drawbacks of each one are identified.
Threat Assessment and Management Strategies: Identifying the Howlers and Hunters, Second Edition
by Stephen W. Weston J.D. Frederick S. Calhoun
The field of threat assessment and the research surrounding it have exploded since the first edition of Threat Assessment and Management Strategies: Identifying the Howlers and Hunters. To reflect those changes, this second edition contains more than 100 new pages of material, including several new chapters, charts, and illustrations, as well as up
Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks
by Chris Peiris Binil Pillai Abbas Kudrati
Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros
In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry leading MITRE ATT&CK framework, discussions of the most common threat vectors. You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation.
With this book you'll learn:
- Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment
- Metrics available to assess threat hunting effectiveness regardless of an organization's size
- How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations
- A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks
- Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs)
- Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, defend against command & control systems, and prevent data exfiltration
- Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies
- Many critical components for successful adoption of multi-cloud threat hunting framework such as Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers
- The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices.
Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.
Threat Hunting with Elastic Stack: Solve complex security challenges with integrated prevention, detection, and response
by Andrew Pease
Get hands-on with advanced threat analysis techniques by implementing Elastic Stack security features with the help of practical examples
Key Features
- Get started with Elastic Security configuration and features
- Understand how to use Elastic Stack features to provide optimal protection against threats
- Discover tips, tricks, and best practices to enhance the security of your environment
Book Description
Elastic Security is an open solution that equips professionals with the tools to prevent, detect, and respond to threats. Threat Hunting with Elastic Stack will show you how to make the best use of Elastic Security to provide optimal protection against cyber threats. With this book, security practitioners working with Kibana will be able to put their knowledge to work and detect malicious adversary activity within their contested network. You'll take a hands-on approach to learning the implementation and methodologies that will have you up and running in no time. Starting with the foundational parts of the Elastic Stack, you'll explore analytical models and how they support security response and finally leverage Elastic technology to perform defensive cyber operations. You'll then cover threat intelligence analytical models, threat hunting concepts and methodologies, and how to leverage them in cyber operations. Further, you'll apply the knowledge you've gained to build and configure your own Elastic Stack, upload data, and explore that data directly as well as by using the built-in tools in the Kibana app to hunt for nefarious activities.
By the end of this book, you'll be able to build an Elastic Stack for self-training or to monitor your own network and/or assets and use Kibana to monitor and hunt for adversaries within your network.
What you will learn
- Explore cyber threat intelligence analytical models and hunting methodologies
- Build and configure Elastic Stack for cyber threat hunting
- Leverage the Elastic endpoint and Beats for data collection
- Perform security data analysis using the Kibana Discover, Visualize, and Dashboard apps
- Execute hunting and response operations using the Kibana Security app
- Use Elastic Common Schema to ensure data uniformity across organizations
Who this book is for
Security analysts, cybersecurity enthusiasts, information systems security staff, or anyone who works with the Elastic Stack for security monitoring, incident response, intelligence analysis, or threat hunting will find this book useful. Basic working knowledge of IT security operations and network and endpoint systems is necessary to get started.
Threat Level Red: Cybersecurity Research Programs of the U.S. Government
by Michael Erbschloe
There is extensive government research on cyber security science, technology, and applications. Much of this research will be transferred to the private sector to aid in product development and the improvement of protective measures against cyber warfare attacks. This research is not widely publicized. There are initiatives to coordinate these research efforts but there has never been a published comprehensive analysis of the content and direction of the numerous research programs. This book provides private sector developers, investors, and security planners with insight into the direction of the U.S. Government research efforts on cybersecurity.
Threat Modeling
by Frank Swiderski Window Snyder
Delve into the threat modeling methodology used by Microsoft’s security experts to identify security risks, verify an application’s security architecture, and develop countermeasures in the design, coding, and testing phases.
Threat Modeling
by Izar Tarandach Matthew J. Coles
Threat modeling is one of the most essential--and most misunderstood--parts of the development lifecycle. Whether you're a security practitioner or a member of a development team, this book will help you gain a better understanding of how you can apply core threat modeling concepts to your practice to protect your systems against threats.
Contrary to popular belief, threat modeling doesn't require advanced security knowledge to initiate or a Herculean effort to sustain. But it is critical for spotting and addressing potential concerns in a cost-effective way before the code's written--and before it's too late to find a solution. Authors Izar Tarandach and Matthew Coles walk you through various ways to approach and execute threat modeling in your organization.
- Explore fundamental properties and mechanisms for securing data and system functionality
- Understand the relationship between security, privacy, and safety
- Identify key characteristics for assessing system security
- Get an in-depth review of popular and specialized techniques for modeling and analyzing your systems
- View the future of threat modeling and Agile development methodologies, including DevOps automation
- Find answers to frequently asked questions, including how to avoid common threat modeling pitfalls
Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture
by Brett Crawley
Work with over 150 real-world examples of threat manifestation in software development and identify similar design flaws in your systems using the EoP game, along with actionable solutions
Key Features
- Apply threat modeling principles effectively with step-by-step instructions and support material
- Explore practical strategies and solutions to address identified threats, and bolster the security of your software systems
- Develop the ability to recognize various types of threats and vulnerabilities within software systems
- Purchase of the print or Kindle book includes a free PDF eBook
Book Description
Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay. Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems. By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.
What you will learn
- Understand the Elevation of Privilege card game mechanics
- Get to grips with the S.T.R.I.D.E. threat modeling methodology
- Explore the Privacy and T.R.I.M. extensions to the game
- Identify threat manifestations described in the games
- Implement robust security measures to defend against the identified threats
- Comprehend key points of privacy frameworks, such as GDPR to ensure compliance
Who this book is for
This book serves as both a reference and support material for security professionals and privacy engineers, aiding in facilitation or participation in threat modeling sessions. It is also a valuable resource for software engineers, architects, and product managers, providing concrete examples of threats to enhance threat modeling and develop more secure software designs. Furthermore, it is suitable for students and engineers aspiring to pursue a career in application security. Familiarity with general IT concepts and business processes is expected.
Threat Modeling: Designing for Security
by Adam Shostack
The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!
Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.
- Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
- Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
- Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
- Offers actionable how-to advice not tied to any specific software, operating system, or programming language
- Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world
As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.