Chapter 2: Using Threat Models for Security Testing

As the combination lock example in Chapter 1, General Approach to Security Testing, demonstrated, you must really understand how something works before you can identify its potential security issues. Threat modeling is a process for outlining how a piece of software works, what it interacts with, and how data enters and leaves the software (or a part of it), and for enumerating the potential security threats against it. In the lock example, we discussed how hard it can be to spot those threats: how many people would quickly think of inserting a small piece of metal between the lock and the shackle? Not many. In this chapter and the next, we discuss how to better understand a piece of software, including how attackers can send data to it and where that data is used. Such data can potentially be used to control the application in ways its creators never intended.

Threat Modeling

Software threat modeling is a process that has evolved quite a bit over the last few years. Microsoft Press published an entire book on the subject, Threat Modeling, written by Frank Swiderski and Window Snyder. The second edition of Michael Howard and David LeBlanc's Writing Secure Code (Microsoft Press) and Michael Howard and Steve Lipner's The Security Development Lifecycle (Microsoft Press) also contain information about threat modeling. In addition to these books, Peter Torr, in an excellent article titled Guerrilla Threat Modelling at http://blogs.msdn.com/ptorr/archive/2005/02/22/378510.aspx, describes how to create threat models quickly. You can use these valuable resources to expand your understanding of threat modeling beyond what we discuss here. In this chapter, we focus on how security testers can use threat modeling to create actionable test cases and to help prevent security issues from entering the product in the first place. For example, the Microsoft software development cycle now requires threat modeling to be performed in the planning and design stage. By performing threat modeling at that stage of the product development cycle, design flaws can be found before any code has been written.

Important

Before Microsoft implemented the threat modeling process, software developers relied almost entirely on code reviews and penetration testing (pen-testing). Code reviews and pen-testing uncover implementation flaws, whereas threat modeling uncovers design flaws. Finding and fixing both types of flaws are important parts of building secure software.



Hunting Security Bugs
ISBN: 073562187X
Year: 2004
Pages: 156
