Feb
26

Threat Risk Modeling

When you start a web application design, it is essential to apply threat risk modeling; otherwise you will squander resources, time and money on useless controls that fail to focus on the real risks.

The method used to assess risk is not nearly as important as actually performing a structured threat risk modeling. Microsoft notes that the single most important factor in their security improvement program was the corporate adoption of threat risk modeling.

OWASP recommends Microsoft’s threat modeling process because it works well for addressing the unique challenges facing web application security and is simple to learn and adopt by designers, developers, code reviewers, and the quality assurance team.

Threat Risk Modeling

Threat risk modeling is an essential process for secure web application development. It allows organizations to determine the correct controls and to produce effective countermeasures within budget. For example, there is little point in spending $100,000 for fraud control for a system that has negligible fraud risk

threat_model_flow

Microsoft Threat Modeling Process

The threat risk modeling process has five steps, enumerated below and shown graphically in Figure 1. They are:

  1. Identify Security Objectives
  2. Survey the Application
  3. Decompose it
  4. Identify Threats
  5. Identify Vulnerabilities

Download:Microsoft Threat Analysis & Modeling

Tags: ,

Posted by Ashish Bobade Concept, Security Subscribe to RSS feed

Other Interesting Articles:

  • Application Security: The Missing Pillar of Software Quality
  • OWASP AppSec Academia Symposium @ UCI – CALL FOR PRESENTATIONS/RESEARCH PAPERS
  • What Are You Worth On The Black Market?
  • Svchost a Virus or Windows Utility?
  • Broadband WiFi router security issue
  • A Rogue Security Application: Fake Virus Alert
  • Microsoft offering free anti-virus
  • Domain Hijacking
  • A list of the top 10 most critical Web application security problems
  • E-mail Spoofing: Threat to E-mails
  • Encrypt-Stick acts as a personal key to your computer
  • Acunetix Web Vulnerability Scanner
  • Security Testing Tools by Microsoft
  • Google throws an OS at Microsoft
  • Security Testing
  • WebGoat deliberately insecure web application
  • WordPress Security Tips
  • Why You Need To Secure Your Web Applications
  • Danger Of Sharing Information On Social Networking Sites
  • Google Webapplication Security Scanner

    • Leave a Reply

    You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>