Index

Abstract syntax tree
Abuse cases anti-requirements attack models attack patterns attacker motivation benefits of constructive/destructive nature creating description development team example 2nd flyover history of identifying and documenting threats overview process diagram software developers and information security practitioners touchpoint process
Academic software security
Access control policies, modeling
Adversarial security testing
Aitel, Dave
ALE (Annualized Loss Expectancy)
Ambiguity analysis, in architectural risk analysis
Anderson, Ross
Anti-requirements
API Abuse vulnerability kingdom description example phyla
APISPY32
Application security badness-ometers limitations of testing tools 2nd versus software security
Applied risk management pillar
Arc injection attacks
Architectural risk analysis .NET security model overview access control policies, modeling ad hoc assets bugs 2nd checklists commercial common themes constructive/destructive nature countermeasures description flaws 2nd flyover forest-level view 2nd getting started impact in the RMF knowledge requirements major activities necessity of one page design overview 2nd practical applications probability process diagram ambiguity analysis attack resistance analysis weakness analysis risk analysis, definition risk calculation impact modern model traditional model risk management, definition risks ROI (return on investment) safeguards software developers and information security practitioners standards-based STRIDE terminology threat modeling versus risk analysis threats touchpoint process ad hoc approach ambiguity analysis attack resistance analysis critical steps examples of flaws 2nd 3rd exploit graphs process diagram weakness analysis vulnerabilities
Arciniegas, Fabio
Arkin, Brad
Array out of bounds 2nd
Articles. [See Bibliography]
Artifacts, software 2nd 3rd
ASP.NET Misconfiguration phylum
ASSET
Assets, definition
Assume nothing
AST. [See Abstract syntax tree]
Attack classes
Attack models
Attack patterns knowledge catalog 2nd list of taxonomy of
Attack resistance analysis, in architectural risk analysis
Attacker motivation
Attackers' tools 2nd APISPY32 breakpoint setters control flow coverage decompilers disassemblers fault injectors rootkits shell code
Auditing open source applications, tutorial
Authentication phylum 2nd
Automation Cigital Workbench risk-based security testing