Learn More About the Threat Modeling and Architecture Review Class

Revision as of 14:37, 12 April 2011 by KateHartmann (Talk | contribs)


Abstract: Threat Modeling and Architecture Review are the cornerstones of a preventative approach to Application Security. By combining these topics into a single comprehensive course, attendees gain a complete understanding of the threats an application faces and of how the application will handle those potential threats. This enables the risk to be assessed accurately and appropriate changes or mitigating controls to be recommended. From the course outline:

1. Overview

• Scope and problem definition
• High-level view of the overall process
• Core techniques

2. Threat assessment and modeling

• Overall threat modeling process
• Preparation and background information
• Capturing business and security goals
• Identify vulnerabilities and other risks
• Establish weighting and prioritization of risks
• Guard against risks with compensating controls
• EXERCISE – Threat model a real-life problem

3. Architecture review techniques

• Authentication
• Authorization
• EXERCISE – Apply the techniques from Authentication and Authorization
• Input validation
• Output encoding
• EXERCISE – Apply the techniques from Input Validation and Output Encoding
• Error handling
• Audit logging
• EXERCISE – Apply the techniques from Error Handling and Audit Logging
• Encryption
• Configuration management
• EXERCISE – Apply the techniques from Encryption and Configuration Management

4. Specifying security requirements

• Writing positive security requirements
• Deriving security requirements from functional requirements
• Thinking broadly about requirements coverage
• Balancing security requirements with functionality