Application security shouldn't involve duct tape, Band-Aids or bubble gum
SearchSoftwareQuality.com | 15 May 2007 ARTICLE - By applying a multilayered approach to application security throughout the SDLC, software ships more securely, closer to the scheduled delivery date and closer to anticipated cost.
Top Web application security threats for 2007
SearchSoftwareQuality.com | 07 Dec 2006 ARTICLE - Web application threats increased significantly in 2006, and they aren't expected to let up. SPI Dynamics identifies which Web trends will be security concerns in 2007.
One simple rule to make your Web apps more secure
SearchSoftwareQuality.com | 19 Oct 2006 INTERVIEW - SPI Dynamics' Caleb Sima recommends developers focus on input validation as a top priority against threats to Web application security, such as SQL injection and XSS.
The essentials of Web application threat modeling
Submitted By: SearchSoftwareQuality.com | 24 Mar 2008 TIP - A critical part of Web application security is mapping out what's at risk -- or threat modeling. Kevin Beaver outlines the essential steps to get you started.
How to implement security in Java EE and Java ME
18 Jul 2007 EXPERT ANSWER - Web application security in Java EE and Java ME is aided by security architectures inherent in each platform. Expert Ramesh Nagappan explains how to understand these architectures and use them to achieve Java security.
Protection against "zero-minute" exploits
Submitted By: SearchAppSecurity.com | 11 Jan 2007 TIP - The gap of time between a vulnerability's discovery and an attack on that vulnerability is shrinking. Amir Peles delves into "zero-minute" exploits and offers a plan for defense.
Stop SQL injection attacks on applications
07 Feb 2006 FEATURED TOPIC - SQL injection attacks have been known to take down many Web sites and applications. What can you do to protect against these attacks? Learn more in these articles and tips.
How to counter XSS attacks
16 Jan 2006 FEATURED TOPIC - If your Web application fails to validate user input, it could be vulnerable to cross-site exploits. Determine if your application is vulnerable and how to prevent XSS attacks.
Application threats: CSRF, injection attacks and cookie replay
SearchAppSecurity.com | 16 Nov 2006 LEARNING GUIDE - Web application exploits come in a variety of forms. This learning guide includes tips, articles, white papers and expert advice on exploits that don't yet make the headlines.
Injection attacks -- Knowledge and prevention
Published by: SearchAppSecurity.com | 31 Oct 2006 PODCASTS - SQL injection is a major threat to application security, but what of other injection attacks? Caleb Sima dissects these exploits and offers astute prevention tips in this podcast.
Getting started with threat modeling
J.D. Meier's Blog | 20 Dec 2007 BEST WEB LINK - Using threat modeling you can identify potential security issues to help you shape your application's security design. Not sure how to create a threat model? Here are some links to get you started.
Self-contained XSS attacks
GNUCITIZEN | 22 Sep 2006 BEST WEB LINK - This blog post offers insight into an oft-overlooked cross-site scripting attack vector. The author mentions several extremely popular sites that may be vulnerable to this XSS exploit. He also includes an example that clearly ...