Packt+ | Advance your knowledge in tech

You're reading from Hands-On Security in DevOps Ensure continuous security, deployment, and delivery with DevSecOps

Product type Paperback

Published in Jul 2018

Publisher

ISBN-13 9781788995504

Length 356 pages

Edition 1st Edition

Concepts

DevOps

Author (1):

Hsu

View More author details

Table of Contents (28) Chapters

Title Page

Packt Upsell

Contributors

Preface

1. DevSecOps Drivers and Challenges FREE CHAPTER

2. Security Goals and Metrics

3. Security Assurance Program and Organization

4. Security Requirements and Compliance

5. Case Study - Security Assurance Program

6. Security Architecture and Design Principles

7. Threat Modeling Practices and Secure Design

8. Secure Coding Best Practices

9. Case Study - Security and Privacy by Design

10. Security-Testing Plan and Practices

11. Whitebox Testing Tips

12. Security Testing Toolkits

13. Security Automation with the CI Pipeline

14. Incident Response

15. Security Monitoring

16. Security Assessment for New Releases

17. Threat Inspection and Intelligence

18. Business Fraud and Service Abuses

19. GDPR Compliance Case Study

20. DevSecOps - Challenges, Tips, and FAQs

1. Assessments

2. Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Threat modeling with STRIDE

The STRIDE threat model defines threats in six categories, which are spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. It's normally used to assess the architecture design.

The threat STRIDE model and general security mitigation are summarized in the following table. In addition to STRIDE, it's also suggested to include privacy in the analysis:

STRIDE threats	Mitigation
Spoofing	Authentication such as credentials, certificates, and SSH
Tampering	Integrity (HASH256, digital signature)
Repudiation	Authentication, logging
Information Disclosure	Confidentiality (encryption, ACL)
Denial of Service	Availability (load balance, buffer, message queue)
Elevation of Privilege	Authorization (ACL)
Privacy (additionally included)	Data masking, access control, user consent, removal

The analysis of STRIDE analysis normally involves the entity (user, admin, external application), the process (web server, FTP, service), the data store (database...