A critical part of Web application security is mapping out what's at risk -- a process called threat modeling. The term "threat" modeling is actually a misnomer. It's more like "vulnerability" or "risk" modeling, since we're technically looking at weaknesses and their consequences -- not the actual indication of intent to cause disruption (a threat).
Semantics aside, threat modeling -- even at a high level -- needs to be on your radar and part of your development process if Web application security is important to your business. Think about it. There's a lot happening within your Web applications that you may not be aware of. It's really easy to fall into the trap of assuming all's well in Web-land as long as the basics of a firewall, SSL, and strong passwords are in place. This dangerous assumption boils down to not really knowing what's at risk. It's the bane of information security today.
Let threat modeling help fill the gaps. It really does work. Here are the essential steps for getting started:
In essence, threat modeling is analyzing your Web application to find out what information flows where, outlining who can do what and when, and determining the worst that can happen. You can do all of this manually or you can use a software-based modeling tool such as Amenaza's SecurITree to help. If you have a large development team or a complex application, I recommend using a tool if you can. It can really speed up the process, and it looks pretty for the higher-ups to boot.
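The three questions above (what information flows where, who can do what, and the worst that can happen) can be written down as data and checked mechanically. The following is an added example, not code from the original article or from SecurITree; the component names, trust zones, impact ratings and scoring rule are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample model of a small Web application (all names hypothetical).
ZONES = {"browser": "internet", "web": "dmz", "api": "internal", "db": "internal"}
# Assumed worst-case impact if this class of data is exposed (1 = low, 3 = high).
IMPACT = {"public": 1, "session": 2, "card_data": 3}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str            # what information moves
    actors: frozenset    # who can trigger the flow
    authenticated: bool
    encrypted: bool

FLOWS = [
    Flow("browser", "web", "public", frozenset({"anonymous", "customer"}), False, True),
    Flow("browser", "web", "card_data", frozenset({"customer"}), True, True),
    Flow("web", "api", "card_data", frozenset({"customer"}), True, False),
    Flow("web", "api", "session", frozenset({"anonymous", "customer"}), False, False),
    Flow("api", "db", "card_data", frozenset({"customer", "admin"}), True, False),
]

def crosses_boundary(flow):
    """A flow crosses a trust boundary when its endpoints sit in different zones."""
    return ZONES[flow.src] != ZONES[flow.dst]

def findings(flows):
    """Return (score, flow, reasons) for each weak flow, worst case first."""
    out = []
    for f in flows:
        reasons = []
        if crosses_boundary(f) and not f.encrypted:
            reasons.append("unencrypted across trust boundary")
        if crosses_boundary(f) and not f.authenticated and IMPACT[f.data] > 1:
            reasons.append("unauthenticated access to non-public data")
        if "anonymous" in f.actors and IMPACT[f.data] > 1:
            reasons.append("anonymous actor reaches non-public data")
        if reasons:
            # Assumed scoring rule: impact of the data times number of weaknesses.
            out.append((IMPACT[f.data] * len(reasons), f, reasons))
    return sorted(out, key=lambda item: item[0], reverse=True)

if __name__ == "__main__":
    for score, f, reasons in findings(FLOWS):
        print(f"{score}: {f.src}->{f.dst} [{f.data}] " + "; ".join(reasons))
```

Keeping the model this small makes it easy to revisit each iteration: add a flow when a feature adds one, and re-run the check.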
Given that threat modeling affects the entire development lifecycle, it's really something that needs to be done during the design phase if at all possible. So, now is probably a good time to get started. That said, don't let threat modeling drive your entire project or get in the way of your development efforts. All too often I see developers and their managers obsess over this stuff to the point that it does more harm than good -- especially at first. Don't drain the ocean and attempt to do everything possible to lock down your application's security. You'll just get in your own way.
Instead, combine these techniques with some common sense and build out your threat modeling capabilities over the next few years and project iterations. It won't fix everything at once, but this one-bite-at-a-time approach will help get more people on board and allow your team to ease into the techniques and malicious mindset needed for effective threat modeling. In turn, you'll build better processes and bake security in up front so you don't have to worry about it as much in the future.
-----------------------------------------
About the author: Kevin Beaver is an independent information security consultant, speaker, and expert witness with Atlanta-based Principle Logic, LLC where he specializes in performing independent security assessments. Kevin has authored/co-authored six books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels blog and information security audio books providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.