There aren't any well-established ways to measure the quality of a threat model, and even the term "threat" is open to interpretation. There are multiple approaches to threat modeling, and anyone who tells you his method is the only right one is mistaken.

Threat modeling is an integral part of the Security Development Lifecycle. At Microsoft, we approach the design of secure systems through a technique called threat modeling: the methodical review of a system design or architecture to discover and correct design-level security problems. Whether you're building a new system or updating an existing one, you'll want to consider how an intruder might go about attacking it and then build in appropriate defenses at the design and implementation stages of the system.

This article uses the following technologies:

Applying STRIDE to the Fabrikam Analyzer Database

How to model a system using a data flow diagram.

Shawn Hernan, Scott Lambert, Tomasz Ostwald, and Adam Shostack

Uncover Security Design Flaws Using The STRIDE Approach