How Testers can Leverage a Threat Model

The threat model creation process should include representatives from the design team (the team that wrote the product specification), the programming team, and the testing team. Each member brings a different point of view and different knowledge about the product. You risk overlooking valuable information about or insights into the product if the threat model creation process doesn't include someone from each of these disciplines. External attackers don't have access to the people who created the product or to the product specifications. Use these information sources to your advantage in security testing.

Threat models (TMs) typically consist of three key parts:

  • Data flow diagram (DFD)

  • Enumeration of entry and exit points

  • Enumeration of potential threats

You can use each part of the threat model to find security problems and ship more secure software.

Tip  

Creating a high-level DFD and TM shouldn't be too time-consuming. For example, the DFD and threat models included in this book took us less than an hour to create. For more complex features, it is worthwhile to create a quick, high-level DFD, and then later to decide whether it is worth creating more detailed DFDs and TMs for individual components of the DFD. It is important for you to weigh the return on investment for threat modeling. The high-level threat models have a high return. Lower-level threat models have a high return only for risky features. It is important to use the high-level DFD to make a judgment call on whether it is worthwhile to create more in-depth threat models.

More Info  

For more information about creating threat models quickly, see Peter Torr's article at http://blogs.msdn.com/ptorr/archive/2005/02/22/378510.aspx.



Hunting Security Bugs
ISBN: 073562187X
EAN: 2147483647
Year: 2004
Pages: 156
