Tip

Improve Web application security with threat modeling

Those responsible for enterprise information security often do not have an in-depth understanding of how the applications that need to be protected actually work. This tends to lead to overly defensive security controls being introduced, and one reason why information security is so often seen as a hindrance instead of a business benefit. Conversely, developers often don't realize the security implications of particular features and functions that they wish to incorporate into their applications.

To resolve this problem of security versus usability, most infosec practitioners agree that the industry needs to improve

    Requires Free Membership to View

security in the software development life cycle. As part of this process, many development teams have started using threat modeling.

Threat modeling: Underlying security and business benefits
Threat modeling not only raises security awareness amongst developers, but also makes application security an integral part of the application design and development process. It is a great way to help an organization bridge the knowledge gap between information security and development professionals.

More on Web application security

Learn how to combat software security flaws.

Review these guidelines for Web application development best practices.

Performed during the application design stage, threat modeling identifies and evaluates the risks to an application. This involves categorizing which assets or sensitive information the application accesses in order to identify potential threats to the application. The end result is ideally a reduction in the number of vulnerabilities that make it through to the release version. Also, since the cost of addressing security issues increases as the software design life cycle proceeds, threat modeling not only helps create better products and increase customer confidence in your applications, but also benefits the bottom line.

Threat modeling: Tools and tactics
If you employ a data flow approach, whereby the threat modeling team maps the flow of data through an application, the team can identify the key processes and the threats to those processes. By having your security professionals and developers work together, it's easier to analyze an application from an attacker's point of view.

The optimal time to employ this approach occurs once user requirements for a new application have been gathered, and work has started on the architecture and design of the application. This process not only ensures architecture design issues are resolved early on and creates a set of documents that identify and justify the security requirements of the application, but also helps everyone involved gain a better understanding of how and why a hacker may attack and how vulnerabilities can be removed.

Aside from these approaches, there are tools that enterprises can use to ensure the threat modeling methodology is maintained. Microsoft's Threat Modeling Tool, for example, can help development teams organize relevant data points, assets, trust levels, data flow diagrams, threats and vulnerabilities into a threat model document. Relevant countermeasures such as data validation and encryption for example can then be implemented and tested to ensure the application doesn't leave sensitive or personal information vulnerable to potential attackers. Testing may include penetration tests and fuzzing, where the application is sent varied and invalid data to ensure that it can handle it correctly.

Relying solely on perimeter security is not going to keep your applications secure. Using the threat modeling process will ensure that security is built into applications from day one, increasing their resilience and reducing their support costs at the same time. Threat modeling also provides a great opportunity to show management how security can add business value.

About the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the bookIIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Messaging Security School and, as a SearchSecurity.com site expert, answers user questions on application security and platform security.

This was first published in January 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.