Threat Modeling

From Guidance Share

(Difference between revisions)
Revision as of 03:16, 4 December 2006
Admin

Current revision (05:07, 13 December 2007)
JD

 
Line 1: Line 1:
 +{|
 +|[[image:ThreatModelingCenter.gif]]
 +||
Threat modeling is an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. You can use threat modeling to shape your application's design, meet your company's security objectives, and reduce risk. Threat modeling is an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. You can use threat modeling to shape your application's design, meet your company's security objectives, and reduce risk.
- +|
- +|}
-== Approach ==+----
-The five major threat modeling steps are shown below. You should progressively refine your threat model by repeatedly performing steps 2 through 5. You will be able to add more detail as you move through your application development life cycle and discover more about your application design.+<!--
- +[[Threats and Countermeasures]]
-[[Image:ThreatModelingSteps.gif]]+-->
- +
-The five threat modeling steps are: +
-* '''Step 1: Identify security objectives'''. Clear objectives help you to focus the threat modeling activity and determine how much effort to spend on subsequent steps. +
-* '''Step 2: Create an application overview'''. Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4. +
-* '''Step 3: Decompose your application'''. A detailed understanding of the mechanics of your application makes it easier for you to uncover more relevant and more detailed threats. +
-* '''Step 4: Identify threats'''. Use details from steps 2 and 3 to identify threats relevant to your application scenario and context. +
-* '''Step 5: Identify vulnerabilities'''. Review the layers of your application to identify weaknesses related to your threats. Use vulnerability categories to help you focus on those areas where mistakes are most often made.+
- +
- +
-== Resources ==+
- +
{| style="width:100%" border="0" {| style="width:100%" border="0"
|- valign="top" |- valign="top"
| |
 +=== Getting Started ===
 +* [[At a Glance: Threat Modeling]]
 +* [[Cheat Sheet: Threat Modeling Web Applications]]
 +* [[Security Engineering Explained - Chapter 4 - Threat Modeling | Chapter 4 - Threat Modeling]]
-=== Cheat Sheet === 
-* [[Threat Modeling Web Applications Cheat Sheet]] 
 +=== Terminology ===
 +* [[Cheat Sheet: Threat Modeling Terms]]
 +
 +
 +||
=== How Tos === === How Tos ===
* [[How To: Create a Threat Model for a Web Application at Design Time]] * [[How To: Create a Threat Model for a Web Application at Design Time]]
-|| 
=== Templates === === Templates ===
-* [[Web Application Threat Model Template]]+* [[Template: Web Application Threat Model]]
-* [[Web Application Threat Model Template Example]]+* [[Template Example: Web Application Threat Model]]
 + 
 + 
 +=== Walkthroughs ===
 +* [[Walkthrough: Creating a Threat Model for a Web Application ]]
 + 
 + 
|- |-
|} |}
 +
 +
 +
 +__NOTOC__ __NOEDITSECTION__
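
Review bot: the removed "== Approach ==" section was the only text on this page that listed the five threat modeling steps and the instruction to repeat steps 2 through 5, and the new revision replaces it with link lists only, so a reader landing here no longer sees the method itself. Suggest keeping a short summary of the steps above the link table, or confirming that [[At a Glance: Threat Modeling]] carries the same list. The added [[Threats and Countermeasures]] link sits inside an HTML comment (<!-- ... -->) and will never render, so either enable it or drop it. The link [[Walkthrough: Creating a Threat Model for a Web Application ]] has a trailing space before the closing brackets that is worth trimming, and the two renamed template links ("Template: ..." and "Template Example: ...") need redirects from the old titles if other pages still point at them.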

Current revision

image:ThreatModelingCenter.gif

Threat modeling is an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. You can use threat modeling to shape your application's design, meet your company's security objectives, and reduce risk.


Getting Started


Terminology


How Tos


Templates


Walkthroughs



