An introduction to Web application threat modeling

An introduction to Web application threat modeling

An introduction to Web application threat modeling

Date: Jun 13, 2013

For adversaries, dissecting enterprise Web applications has become second nature. They often know the weaknesses of various types of Web applications better than the enterprises attempting to secure them do.

According to Tony UcedaVelez, founder and managing partner with application security consultancy VerSprite, the best way to turn the tables is with a process called Web application threat modeling, a detailed paradigm that offers enterprises a way to analyze the weaknesses in the components and processes within a Web application.

"It's a more scientific method to applying security by understanding functionally what your Web application is doing in the first place," UcedaVelez said, "and how it can be mistreated or misused by an attacker."

In this video, UcedaVelez explains the basics of what Web application security threat modeling is, how it differs from Web application penetration testing, what it reveals about the most viable Web application attack patterns, and how to get started with Web app threat modeling.

More on Web Application Security

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: