Threat modeling is a complex topic. There is no exact science that software developers can be taught to enable them to do threat modeling. I stumbled upon Adam Shostack’s MSDN blog discussing threat modeling. Even if you are a Microsoft basher, it’s worthwhile to leave that spirit aside for a while and focus on the content. There are many general guidelines that can be applied in a product development setup. Some of the things that I found interesting:
- Most developers think in terms of developing features, so they are poor at thinking about security. This is, in part, the nature of the job: one focuses on the work with the most ROI, and developers don’t have a quantifiable ROI for thinking about security.
- Even if a developer engages in threat modeling, in the absence of expert review, how does he validate that his threat modeling is accurate, sufficient, insufficient or even relevant?
- Threat modeling process: clearly outlines the steps that one should take (second blog entry in the series: "The new threat modeling process")
- STRIDE: A useful acronym for remembering the common threats to look out for (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege).
MSDN Blog