Improve Web application security with threat modeling

To resolve this problem of security versus usability, most infosec practitioners agree that the industry needs to improve security in the software development life cycle. As part of this process, many development teams have started using threat modeling.

Threat modeling: Underlying security and business benefits
Threat modeling not only raises security awareness amongst developers, but also makes application security an integral part of the application design and development process. It is a great way to help an organization bridge the knowledge gap between information security and development professionals.

More on Web application security Learn how to combat software security flaws. Review these guidelines for Web application development best practices.

Performed during the application design stage, threat modeling identifies and evaluates the risks to an application. This involves categorizing which assets or sensitive information the application accesses in order to identify potential threats to the application. The end result is ideally a reduction in the number of vulnerabilities that make it through to the release version. Also, since the cost of addressing security issues increases as the software design life cycle proceeds, threat modeling not only helps create better products and increase customer confidence in your applications, but also benefits the bottom line.

Threat modeling: Tools and tactics
If you employ a data flow approach, whereby the threat modeling team maps the flow of data through an application, the team can identify the key processes and the threats to those processes. By having your security professionals and developers work together, it's easier to analyze an application from an attacker's point of view.

The optimal time to employ this approach occurs once user requirements for a new application have been gathered, and work has started on the architecture and design of the application. This process not only ensures architecture design issues are resolved early on and creates a set of documents that identify and justify the security requirements of the application, but also helps everyone involved gain a better understanding of how and why a hacker may attack and how vulnerabilities can be removed.

Aside from these approaches, there are tools that enterprises can use to ensure the threat modeling methodology is maintained. Microsoft's Threat Modeling Tool, for example, can help development teams organize relevant data points, assets, trust levels, data flow diagrams, threats and vulnerabilities into a threat model document. Relevant countermeasures such as data validation and encryption for example can then be implemented and tested to ensure the application doesn't leave sensitive or personal information vulnerable to potential attackers. Testing may include penetration tests and fuzzing, where the application is sent varied and invalid data to ensure that it can handle it correctly.

Relying solely on perimeter security is not going to keep your applications secure. Using the threat modeling process will ensure that security is built into applications from day one, increasing their resilience and reducing their support costs at the same time. Threat modeling also provides a great opportunity to show management how security can add business value.

About the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the bookIIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Messaging Security School and, as a SearchSecurity.com site expert, answers user questions on application security and platform security.

Rate this Tip To rate tips, you must be a member of SearchFinancialSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Security Architecture Insider How to integrate network behavior anomaly detection into enterprise systems Establishing a practical routine for reviewing security logs How to get the most out of a SIM Security information management finally arrives, thanks to enhanced features Best practices in managing privileged access Integrating biometric authentication with Active Directory Entitlement management systems alleviate access control pain points How to secure SOA Identity federation standards ease authentication pains How to implement the NIST role based access control model Secure software design PA-DSS secures payment applications Inside application assessments: Pen testing vs. code review Static and dynamic code analysis: A key factor for application security success Finjan: Attackers wild about widgets Adjusting a Web application's ability to cache in, log out RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary virtual asset  (SearchFinancialSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.