Before You Begin

Before you start the threat modeling process, it is important that you understand the following basic terminology:

  • Asset. A resource of value, such as the data in a database or on the file system; a system resource.

  • Threat. A potential occurrence, malicious or otherwise, that might damage or compromise your assets.

  • Vulnerability. A weakness in some aspect or feature of a system that makes a threat possible. Vulnerabilities might exist at the network, host, or application levels.

  • Attack (or exploit). An action taken by someone or something that harms an asset. This could be someone following through on a threat or exploiting a vulnerability.

  • Countermeasure. A safeguard that addresses a threat and mitigates risk.

Consider a simple house analogy: an item of jewelry in a house is an asset and a burglar is an attacker. A door is a feature of the house and an open door represents a vulnerability. The burglar can exploit the open door to gain access to the house and steal the jewelry. In other words, the attacker exploits a vulnerability to gain access to an asset. The appropriate countermeasure in this case is to close and lock the door.

Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613