Threat Modeling
Designing for Security
Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.
As an Amazon Associate we earn from qualifying purchases. The link above is sponsored.
- Authors
- Adam Shostack
- Published
- 2014
- Publisher
- Wiley
- Pages
- 624
- Language
- English
Read this if
Anyone who designs systems and wants to ship fewer bugs in production. Threat modeling is the highest-leverage security practice for developers; this is the book that finally made it teachable.
Skip this if
Readers wanting a quick checklist or a one-pager. Shostack is comprehensive: STRIDE, attack trees, data-flow diagrams, the kill chain, all with extended worked examples. Skim-reading is a waste of the book.
Key takeaways
- STRIDE is a forcing function for systematic thinking, not a complete model; the book teaches you when to use it and when to switch frames (attack trees, attacker personas, kill chains).
- Most "threat modeling tools" are spreadsheet-with-diagrams; the actual lift is the conversation those tools structure, not the document.
- Threat modeling fits inside agile and works at PR-review timescale once you've done it three or four times; the book makes the case repeatedly with examples.
Notes
Pair with Designing Secure Software (Kohnfelder) for the patterns, and with Security Engineering (Anderson) for the systems-level case studies. Shostack's blog and the OWASP Threat Modeling project are the natural follow-ups. If we could hand one book to an engineering org and watch it ship better software in six months, this would be the one.
What to read before
What to read before Threat Modeling →Intermediate · 2021
Designing Secure Software
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
Beginner · 2020
Web Security for Developers
Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
What to read next
What to read after Threat Modeling →Intermediate · 2021
Designing Secure Software
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
Intermediate · 2010
Cryptography Engineering
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Advanced · 2020
Building Secure and Reliable Systems
Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.
Explore similar books
Alternatives to Threat Modeling →Intermediate · 2021
Designing Secure Software
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
Intermediate · 2010
Cryptography Engineering
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Intermediate · 2021
Real-World Cryptography
David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.