Summary

If you have never performed a threat analysis on your application, you should consider doing so, particularly if your application is exposed in a network or Internet environment. Cost shouldn’t be an issue, because the cost of performing the analysis—the initial brainstorming phase anyway—is relatively cheap in terms of money and time. Performing a threat analysis gives you an opportunity to meet with other members of your team (possibly in a way you’ve never done before) and discuss possible threats related to your application. Meet for at least an hour, and see how it goes. With the right people in the room, you might be surprised at what you find and how many scenarios you can cover in an hour.

Whether you have performed a threat analysis before or not, this chapter provides examples of how you can create a simple architectural diagram for your application as a tool for helping to think of potential security risks and vulnerabilities. If after looking at the diagrams you run out of ideas, divvy up the source files between you and the other members of the team and look for dangerous keywords such as Open, Delete, and Start as a way to help find additional threats based on unchecked inputs to your application.
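As an added illustration of the keyword-search step above (not code from the book), the following hypothetical scanner reports every source line that uses one of the suggested keywords outside comments and string literals, and ranks calls whose arguments are variables or expressions ahead of calls with fixed literal arguments, since the former are the ones that may pass unchecked input through to the operating system. The VB.NET fragment it scans is constructed for the example.

```python
import re
from typing import NamedTuple
# Hypothetical scanner, not the book's code: report each line that uses one of the
# chapter's keywords, ranking calls whose arguments are not plain string literals first.
KEYWORD_RE = re.compile(r"\b(Open|Delete|Start)\b", re.IGNORECASE)  # VB is case-insensitive
STRING_RE = re.compile(r'"[^"]*"')
IDENT_RE = re.compile(r"[A-Za-z_]\w*")

class Finding(NamedTuple):
    line_no: int
    keyword: str
    text: str
    literal_only: bool  # True when every argument of the call is a string literal

def strip_comment(line: str) -> str:
    """Drop a trailing VB comment: a ' that is not inside a string literal."""
    in_string = False
    for i, ch in enumerate(line):
        in_string ^= ch == '"'
        if ch == "'" and not in_string:
            return line[:i]
    return line

def call_args(code: str) -> str:
    """Text inside the first balanced (...) group on the line, or '' if none."""
    start, depth = code.find("("), 0
    if start < 0:
        return ""
    for i in range(start, len(code)):
        depth += {"(": 1, ")": -1}.get(code[i], 0)
        if depth == 0:
            return code[start + 1:i]
    return ""

def scan_source(source: str) -> list:
    """One Finding per line that uses a keyword outside comments and strings."""
    findings = []
    for n, line in enumerate(source.splitlines(), start=1):
        code = strip_comment(line)
        m = KEYWORD_RE.search(STRING_RE.sub('""', code))
        if m:  # any identifier left in the arguments means a non-literal input
            args = STRING_RE.sub("", call_args(code))
            findings.append(Finding(n, m.group(1), line.strip(), not IDENT_RE.search(args)))
    return sorted(findings, key=lambda f: (f.literal_only, f.line_no))

# Constructed VB.NET fragment standing in for a real source file.
SAMPLE_VB = '''Process.Start("notepad.exe")                 ' fixed literal argument
Dim f As New FileStream(path, FileMode.Open) ' opens a caller-supplied path
File.Delete(Request.QueryString("name"))     ' deletes a file named by the user
Dim startTime As Date                        ' Start of cleanup: neither word is a hit'''
```

The ranking is only a triage aid: a literal argument can still be dangerous when the surrounding code is reachable by untrusted callers, so every hit still needs a human look.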

Once you’ve created your list of threats, rank the threats in priority order. Now for each issue, you’re left with the big decision of whether to fix the problem, remove a feature to eliminate the problem, or do nothing and hope the vulnerability is never exploited. Your decision could make you a hero for fixing the problem and protecting your customers. Or, if left unaddressed, the problem could turn into a nightmare for you later—requiring you to spend hours sifting through the wreckage created by an attack only to find that the threat was known all along, but you decided not to do anything about it. Oops!

Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168