Threat Modeling – Finding defects early in the cycle

By | February 21, 2013

Having a proven pattern for finding defects early in your cycle saves not just money but also the time required to patch those defects. Threat modeling is a tested and proven method for meeting this objective. The procedure evaluates the vulnerabilities that could potentially exist in the target under observation. The vulnerabilities may or may not exist, but assuming that they do and then proceeding with the Software Development Life Cycle is a proactive way of securing your applications.

The primary aim of this model is to prioritize the areas that need more focus in order to reduce the attack surface. The assessment is an iterative process that comes into the picture whenever new modules are added to the application. The end result of the assessment is the security profile of the application under observation.

In this article, I shall explain a famous security engineering pattern called the STRIDE model. The acronym STRIDE stands for:

  1. Spoofing
  2. Tampering
  3. Repudiation
  4. Information Disclosure
  5. Denial of Service attacks
  6. Elevation of privilege

Read it in full at InfosecInstitute.

Regards

3psil0nlambda
