Application Threat Modeling

From OWASP
Revision as of 16:38, 28 June 2008 by Davidlowry (talk | contribs) (Applicaiton Threat Modeling moved to Application Threat Modeling: Application was spelt incorrectly.)

OWASP Code Review Guide Table of Contents

Introduction

Threat Modeling is an approach to application reviews that can help developers and security professionals identify threats, attacks, vulnerabilities and countermeasures that could affect an application.

Threat Modeling can help to ensure that applications are being developed with security built in and that any potential threats to the applications have been identified and mitigated. Threat Modeling can also improve general security knowledge within a development team because it becomes a step in the SDLC and not a separate security-only process.

The idea of Threat Modeling isn't new but Microsoft have championed the process over the past few years. Microsoft have made threat modeling a core component of their SDL which they claim to be one of the reasons for the increased security of their products in recent years.

Threat modeling is not an approach to reviewing code, but the process should ensure that the code being produced has security built in. This should allow the reviewer to understand where the entry points in an application are and the threats associated with each point.

Identify threats

Understand discovered threats

Threat categorization / Business impact

Data Flow Diagrams

Countermeasures

Assessment

Planning a security assessment or code review based on the threat model deliverable.