An introduction to Web application threat modeling

For adversaries, dissecting enterprise Web applications has become second nature. They often know the weaknesses of various types of Web applications better than the enterprises attempting to secure them do.

According to Tony UcedaVelez, founder and managing partner with application security consultancy VerSprite, the best way to turn the tables is with a process called Web application threat modeling, a detailed paradigm that offers enterprises a way to analyze the weaknesses in the components and processes within a Web application.

"It's a more scientific method to applying security by understanding functionally what your Web application is doing in the first place," UcedaVelez said, "and how it can be mistreated or misused by an attacker."

In this video, UcedaVelez explains the basics of what Web application security threat modeling is, how it differs from Web application penetration testing, what it reveals about the most viable Web application attack patterns, and how to get started with Web app threat modeling.

View All Videos

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close